Bug 601414 (CVE-2016-4332)

Summary: <sci-libs/hdf5-1.8.18: Shareable message type out-of-bounds write (CVE-2016-4332)
Product: Gentoo Security
Reporter: Ian Zimmerman <nobrowser>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: sci
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: B2 [glsa cve]
Package list:
Runtime testing required: ---
Bug Depends on: 601404
Bug Blocks:

Description Ian Zimmerman 2016-12-02 00:39:43 UTC
According to the RedHat summary:

The vulnerability exists due to the library’s failure to check if certain message types support a particular flag. When this flag is set, the library will cast the structure to an alternative structure and then assign to fields that aren’t supported by the message type. Due to the message type not being able to support this flag, the library will write outside the bounds of the heap buffer. This can lead to code execution under the context of the library.

Upstream fix:
https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/e1d50d498a0affbbd6e088b524fd495ea95dea88


Reproducible: Always
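
The kind of check the summary above says was missing, as an added sketch that is not taken from this report or from HDF5's source. Every name here (`msg_class_t`, `MSG_FLAG_SHARED`, `apply_msg_flags`, `decode_message`) is hypothetical; it assumes each message class records whether its native struct begins with the shared header, and rejects the flag before any cast when it does not.

```c
#include <stddef.h>
#include <stdlib.h>

#define MSG_FLAG_SHARED 0x02u            /* hypothetical flag bit */

/* Header that shareable message structs carry as their first member. */
typedef struct { unsigned type; unsigned long long addr; } shared_hdr_t;

/* Shareable message: begins with shared_hdr_t, so the cast below is valid. */
typedef struct { shared_hdr_t sh; int rank; } msg_space_t;
/* Non-shareable message: its allocation is smaller than shared_hdr_t. */
typedef struct { unsigned char version; } msg_small_t;

typedef struct {
    const char *name;
    size_t native_size;   /* size of the heap buffer allocated per message */
    int shareable;        /* nonzero if the struct begins with shared_hdr_t */
} msg_class_t;

static const msg_class_t MSG_CLASSES[] = {
    { "space", sizeof(msg_space_t), 1 },
    { "small", sizeof(msg_small_t), 0 },
};

/* Returns 0 on success, -1 if the flags are not valid for this class. */
int apply_msg_flags(const msg_class_t *cls, unsigned flags, void *native,
                    unsigned long long addr)
{
    if (flags & MSG_FLAG_SHARED) {
        /* Validate before casting: without this, the stores below would
         * land past the end of a msg_small_t allocation. */
        if (!cls->shareable || cls->native_size < sizeof(shared_hdr_t))
            return -1;
        shared_hdr_t *sh = (shared_hdr_t *)native;
        sh->type = 1;
        sh->addr = addr;
    }
    return 0;
}

/* Allocates the native struct for class idx and applies file-supplied flags. */
int decode_message(size_t idx, unsigned flags)
{
    if (idx >= sizeof MSG_CLASSES / sizeof MSG_CLASSES[0]) return -1;
    const msg_class_t *cls = &MSG_CLASSES[idx];
    void *native = calloc(1, cls->native_size);
    if (!native) return -1;
    int rc = apply_msg_flags(cls, flags, native, 0x1000ULL);
    free(native);
    return rc;
}
```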

Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2016-12-02 08:34:59 UTC
CVE-2016-4332 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4332):
  The library's failure to check if certain message types support a particular
  flag, the HDF5 1.8.16 library will cast the structure to an alternative
  structure and then assign to fields that aren't supported by the message
  type and the library will write outside the bounds of the heap buffer. This
  can lead to code execution under the context of the library.

Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2017-01-02 14:55:33 UTC
This issue was resolved and addressed in
 GLSA 201701-13 at https://security.gentoo.org/glsa/201701-13
by GLSA coordinator Thomas Deutschmann (whissi).