CVE-2018-11206 - OpenCVE

An out of bounds read was discovered in H5O_fill_new_decode and H5O_fill_old_decode in H5Ofill.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Hdfgroup	Hdf5

Configuration 1 [-]

cpe:2.3:a:hdfgroup:hdf5:1.10.2:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/TeamSeri0us/pocs/blob/master/hdf5/README2.md	Third Party Advisory
https://github.com/Twi1ight/fuzzing-pocs/tree/master/hdf5	Exploit Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/08/msg00009.html

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2018-05-16T00:00:00

Updated: 2023-08-09T00:00:00

Reserved: 2018-05-16T00:00:00

Link: CVE-2018-11206

JSON object: View

NVD Information

Status : Modified

Published: 2018-05-16T15:29:00.447

Modified: 2023-08-09T09:15:12.113

Link: CVE-2018-11206

JSON object: View

Redhat Information

No data.

CWE

CWE-125

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hdfgroup:hdf5:1.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "D730451A-1922-442D-9A66-E042453CDBFE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An out of bounds read was discovered in H5O_fill_new_decode and H5O_fill_old_decode in H5Ofill.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack."}, {"lang": "es", "value": "Se ha descubierto una lectura fuera de l\u00edmites en H5O_fill_new_decode y H5O_fill_old_decode en H5Ofill.c en la biblioteca HDF HDF5 1.10.2. Esto podr\u00eda permitir que se realice un ataque de denegaci\u00f3n de servicio remoto o de divulgaci\u00f3n de informaci\u00f3n."}], "id": "CVE-2018-11206", "lastModified": "2023-08-09T09:15:12.113", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-05-16T15:29:00.447", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/TeamSeri0us/pocs/blob/master/hdf5/README2.md"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/Twi1ight/fuzzing-pocs/tree/master/hdf5"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00009.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}