SUSE: 2022:3824-1 Critical: HDF5 Vulnerabilities Resulting In DoS

November 1, 2022
Important SUSE patch for hdf5 resolves various vulnerabilities, enhancing overall system safety and performance.
An update that fixes 11 vulnerabilities is now available

Summary

This update for hdf5 fixes the following issues:

- CVE-2021-46244: Fixed division by zero leading to DoS (bsc#1195215).
- CVE-2018-13867: Fixed out of bounds read in the function H5F__accum_read in H5Faccum.c (bsc#1101906).
- CVE-2018-16438: Fixed out of bounds read in H5L_extern_query at H5Lexternal.c (bsc#1107069).
- CVE-2020-10812: Fixed NULL pointer dereference (bsc#1167400).
- CVE-2021-45830: Fixed heap buffer overflow vulnerability in H5F_addr_decode_len in /hdf5/src/H5Fint.c (bsc#1194375).
- CVE-2019-8396: Fixed buffer overflow in function H5O__layout_encode in H5Olayout.c (bsc#1125882).
- CVE-2018-11205: Fixed out of bounds read in H5VM_memcpyvv in H5VM.c (bsc#1093663).
- CVE-2021-46242: Fixed heap use-after-free via the component H5AC_unpin_entry (bsc#1195212).

References

#1093663 #1101475 #1101906 #1107069 #1111598 #1125882 #1167400 #1194366 #1194375 #1195212 #1195215

Cross-references: CVE-2018-11205 CVE-2018-13867 CVE-2018-14031 CVE-2018-16438 CVE-2018-17439 CVE-2019-8396 CVE-2020-10812 CVE-2021-45830 CVE-2021-45833 CVE-2021-46242 CVE-2021-46244

CVSS scores:

CVE-2018-11205 (NVD) : 8.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

CVE-2018-11205 (SUSE): 5.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

CVE-2018-13867 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2018-13867 (SUSE): 5.3 CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L

CVE-2018-14031 (NVD) : 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2018-14031 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Severity
important

Announcement ID: SUSE-SU-2022:3824-1
Rating: important
