Bug 714024 (CVE-2020-10809, CVE-2020-10810, CVE-2020-10811, CVE-2020-10812, CVE-2021-45829, CVE-2021-45830, CVE-2021-45832, CVE-2021-45833, CVE-2021-46242, CVE-2021-46243, CVE-2021-46244) - sci-libs/hdf5: multiple vulnerabilities
Summary: sci-libs/hdf5: multiple vulnerabilities
Status: IN_PROGRESS
Alias: CVE-2020-10809, CVE-2020-10810, CVE-2020-10811, CVE-2020-10812, CVE-2021-45829, CVE-2021-45830, CVE-2021-45832, CVE-2021-45833, CVE-2021-46242, CVE-2021-46243, CVE-2021-46244
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL:
Whiteboard: B3 [upstream/ebuild? cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2020-03-22 19:23 UTC by Sam James
Modified: 2022-01-22 04:16 UTC

See Also:
Package list:
Runtime testing required: ---


Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-22 19:23:59 UTC
1) CVE-2020-10809
Description:
"An issue was discovered in HDF5 through 1.12.0. A heap-based buffer overflow exists in the function Decompress() located in decompress.c. It can be triggered by sending a crafted file to the gif2h5 binary. It allows an attacker to cause Denial of Service."

Disclosure: https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_1

2) CVE-2020-10810
Description:
"An issue was discovered in HDF5 through 1.12.0. A NULL pointer dereference exists in the function H5AC_unpin_entry() located in H5AC.c. It allows an attacker to cause Denial of Service."

Disclosure: https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_3

3) CVE-2020-10811
Description:
"An issue was discovered in HDF5 through 1.12.0. A heap-based buffer over-read exists in the function H5O__layout_decode() located in H5Olayout.c. It allows an attacker to cause Denial of Service."

Disclosure: https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_2

4) CVE-2020-10812
Description:
"An issue was discovered in HDF5 through 1.12.0. A NULL pointer dereference exists in the function H5F_get_nrefs() located in H5Fquery.c. It allows an attacker to cause Denial of Service."

Disclosure: https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_4
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-22 19:27:13 UTC
(In reply to sam_c (Security Padawan) from comment #0)
> 1) CVE-2020-10809
> Description:
> "An issue was discovered in HDF5 through 1.12.0. A heap-based buffer
> overflow exists in the function Decompress() located in decompress.c. It can
> be triggered by sending a crafted file to the gif2h5 binary. It allows an
> attacker to cause Denial of Service."
> 
> Disclosure:
> https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_1
> 

https://research.loginsoft.com/bugs/heap-overflow-in-decompress-c-hdf5-1-13-0/

> 2) CVE-2020-10810
> Description:
> "An issue was discovered in HDF5 through 1.12.0. A NULL pointer dereference
> exists in the function H5AC_unpin_entry() located in H5AC.c. It allows an
> attacker to cause Denial of Service."
> 
> Disclosure:
> https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_3
> 

https://research.loginsoft.com/bugs/null-pointer-dereference-in-h5ac-c-hdf5-1-13-0/

> 3) CVE-2020-10811
> Description:
> "An issue was discovered in HDF5 through 1.12.0. A heap-based buffer
> over-read exists in the function H5O__layout_decode() located in
> H5Olayout.c. It allows an attacker to cause Denial of Service."
> 
> Disclosure:
> https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_2
> 

https://research.loginsoft.com/bugs/heap-buffer-overflow-in-h5olayout-c-hdf5-1-13-0/

> 4) CVE-2020-10812
> Description:
> "An issue was discovered in HDF5 through 1.12.0. A NULL pointer dereference
> exists in the function H5F_get_nrefs() located in H5Fquery.c. It allows an
> attacker to cause Denial of Service."
> 
> Disclosure:
> https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_4

https://research.loginsoft.com/bugs/null-pointer-dereference-in-h5fquery-c-hdf5-1-13-0/

---
Note that 1.13.0 is unreleased but seems unpatched at present. Need to keep an eye on this: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/browse/release_docs/RELEASE.txt
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2020-05-01 03:41:01 UTC
CVE-2020-10812 (https://nvd.nist.gov/vuln/detail/CVE-2020-10812):
  An issue was discovered in HDF5 through 1.12.0. A NULL pointer dereference
  exists in the function H5F_get_nrefs() located in H5Fquery.c. It allows an
  attacker to cause Denial of Service.

CVE-2020-10811 (https://nvd.nist.gov/vuln/detail/CVE-2020-10811):
  An issue was discovered in HDF5 through 1.12.0. A heap-based buffer
  over-read exists in the function H5O__layout_decode() located in
  H5Olayout.c. It allows an attacker to cause Denial of Service.

CVE-2020-10810 (https://nvd.nist.gov/vuln/detail/CVE-2020-10810):
  An issue was discovered in HDF5 through 1.12.0. A NULL pointer dereference
  exists in the function H5AC_unpin_entry() located in H5AC.c. It allows an
  attacker to cause Denial of Service.

CVE-2020-10809 (https://nvd.nist.gov/vuln/detail/CVE-2020-10809):
  An issue was discovered in HDF5 through 1.12.0. A heap-based buffer overflow
  exists in the function Decompress() located in decompress.c. It can be
  triggered by sending a crafted file to the gif2h5 binary. It allows an
  attacker to cause Denial of Service.
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-01-04 06:52:24 UTC
CVE-2021-45829 (https://github.com/HDFGroup/hdf5/issues/1317):

HDF5 1.13.1-1 is affected by: segmentation fault, which causes a Denial of Service.
Comment 4 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-01-06 07:44:30 UTC
CVE-2021-45833 (https://github.com/HDFGroup/hdf5/issues/1313):

A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 via the H5D__create_chunk_file_map_hyper function in /hdf5/src/H5Dchunk.c, which causes a Denial of Service (context-dependent).

CVE-2021-45832 (https://github.com/HDFGroup/hdf5/issues/1315):

A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 at hdf5/src/H5Eint.c, which causes a Denial of Service (context-dependent).

CVE-2021-45830 (https://github.com/HDFGroup/hdf5/issues/1314):

A heap-based buffer overflow vulnerability exists in HDF5 1.13.1-1 via H5F_addr_decode_len in /hdf5/src/H5Fint.c, which could cause a Denial of Service.
Comment 5 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-01-22 04:16:34 UTC
CVE-2021-46242 (https://github.com/HDFGroup/hdf5/issues/1329):

HDF5 v1.13.1-1 was discovered to contain a heap-use-after-free via the component H5AC_unpin_entry.

CVE-2021-46243 (https://github.com/HDFGroup/hdf5/issues/1326):

An untrusted pointer dereference vulnerability exists in HDF5 v1.13.1-1 via the function H5O__dtype_decode_helper () at hdf5/src/H5Odtype.c. This vulnerability can lead to a Denial of Service (DoS).

CVE-2021-46244 (https://github.com/HDFGroup/hdf5/issues/1327):

A Divide By Zero vulnerability exists in HDF5 v1.13.1-1 via the function H5T__complete_copy () at /hdf5/src/H5T.c. This vulnerability causes an arithmetic exception, leading to a Denial of Service (DoS).

All seem unfixed.