CVE-2020-10811

CVE-2020-10811

Name

CVE-2020-10811

Description

An issue was discovered in HDF5 through 1.12.0. A heap-based buffer over-read exists in the function H5O__layout_decode() located in H5Olayout.c. It allows an attacker to cause Denial of Service.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Exploit	https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_2
Exploit	https://research.loginsoft.com/bugs/heap-buffer-overflow-in-h5olayout-c-hdf5-1-13-0/
Release Notes	https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/browse/release_docs/RELEASE.txt

Type

URI

Exploit

https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_2

Exploit

https://research.loginsoft.com/bugs/heap-buffer-overflow-in-h5olayout-c-hdf5-1-13-0/

Release Notes

https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/browse/release_docs/RELEASE.txt

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:hdfgroup:hdf5::::::::`	hdf5	>= None	<= 1.12.0

CPE URI

Source package

Min version

Max version

cpe:2.3:a:hdfgroup:hdf5:*:*:*:*:*:*:*:*

hdf5

>= None

<= 1.12.0

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
hdf5	3.13-community	1.12.0-r0	Holger Jaekel <holger.jaekel@gmx.de>	possibly vulnerable
hdf5	3.14-community	1.12.1-r0	Holger Jaekel <holger.jaekel@gmx.de>	fixed
hdf5	edge-community	1.12.1-r0	Holger Jaekel <holger.jaekel@gmx.de>	fixed

Source package

Branch

Version

Maintainer

Status

hdf5

3.13-community

1.12.0-r0

Holger Jaekel <holger.jaekel@gmx.de>

possibly vulnerable

hdf5

3.14-community