CVE-2018-11206

Name: CVE-2018-11206
Description: An out of bounds read was discovered in H5O_fill_new_decode and H5O_fill_old_decode in H5Ofill.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack.
NVD Severity: high

References

Type | URI
Exploit | https://github.com/Twi1ight/fuzzing-pocs/tree/master/hdf5
Third Party Advisory | https://github.com/TeamSeri0us/pocs/blob/master/hdf5/README2.md

Match rules

CPE URI | Source package | Min version | Max version
cpe:2.3:a:hdfgroup:hdf5:1.10.2:*:*:*:*:*:*:* | hdf5 | == None | == 1.10.2

Vulnerable and fixed packages

Source package | Branch | Version | Maintainer | Status
hdf5 | 3.14-community | 1.12.1-r0 | Holger Jaekel <holger.jaekel@gmx.de> | fixed
hdf5 | edge-community | 1.12.1-r0 | Holger Jaekel <holger.jaekel@gmx.de> | fixed