Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 714024 (CVE-2020-10809, CVE-2020-10810, CVE-2020-10811, CVE-2020-10812) - sci-libs/hdf5: Multiple vulnerabilities (CVE-2020-{10809,10810,10811,10812})
Summary: sci-libs/hdf5: Multiple vulnerabilities (CVE-2020-{10809,10810,10811,10812})
Status: IN_PROGRESS
Alias: CVE-2020-10809, CVE-2020-10810, CVE-2020-10811, CVE-2020-10812
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B3 [upstream/ebuild? cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2020-03-22 19:23 UTC by Sam James
Modified: 2020-05-01 03:41 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester gentoo-dev Security 2020-03-22 19:23:59 UTC
1) CVE-2020-10809
Description:
"An issue was discovered in HDF5 through 1.12.0. A heap-based buffer overflow exists in the function Decompress() located in decompress.c. It can be triggered by sending a crafted file to the gif2h5 binary. It allows an attacker to cause Denial of Service."

Disclosure: https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_1

2) CVE-2020-10810
Description:
"An issue was discovered in HDF5 through 1.12.0. A NULL pointer dereference exists in the function H5AC_unpin_entry() located in H5AC.c. It allows an attacker to cause Denial of Service."

Disclosure: https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_3

3) CVE-2020-10811
Description:
"An issue was discovered in HDF5 through 1.12.0. A heap-based buffer over-read exists in the function H5O__layout_decode() located in H5Olayout.c. It allows an attacker to cause Denial of Service."

Disclosure: https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_2

4) CVE-2020-10812
Description:
"An issue was discovered in HDF5 through 1.12.0. A NULL pointer dereference exists in the function H5F_get_nrefs() located in H5Fquery.c. It allows an attacker to cause Denial of Service."

Disclosure: https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_4
Comment 1 Sam James archtester gentoo-dev Security 2020-03-22 19:27:13 UTC
(In reply to sam_c (Security Padawan) from comment #0)
> 1) CVE-2020-10809
> Description:
> "An issue was discovered in HDF5 through 1.12.0. A heap-based buffer
> overflow exists in the function Decompress() located in decompress.c. It can
> be triggered by sending a crafted file to the gif2h5 binary. It allows an
> attacker to cause Denial of Service."
> 
> Disclosure:
> https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_1
> 

https://research.loginsoft.com/bugs/heap-overflow-in-decompress-c-hdf5-1-13-0/

> 2) CVE-2020-10810
> Description:
> "An issue was discovered in HDF5 through 1.12.0. A NULL pointer dereference
> exists in the function H5AC_unpin_entry() located in H5AC.c. It allows an
> attacker to cause Denial of Service."
> 
> Disclosure:
> https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_3
> 

https://research.loginsoft.com/bugs/null-pointer-dereference-in-h5ac-c-hdf5-1-13-0/

> 3) CVE-2020-10811
> Description:
> "An issue was discovered in HDF5 through 1.12.0. A heap-based buffer
> over-read exists in the function H5O__layout_decode() located in
> H5Olayout.c. It allows an attacker to cause Denial of Service."
> 
> Disclosure:
> https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_2
> 

https://research.loginsoft.com/bugs/heap-buffer-overflow-in-h5olayout-c-hdf5-1-13-0/

> 4) CVE-2020-10812
> Description:
> "An issue was discovered in HDF5 through 1.12.0. A NULL pointer dereference
> exists in the function H5F_get_nrefs() located in H5Fquery.c. It allows an
> attacker to cause Denial of Service."
> 
> Disclosure:
> https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_4

https://research.loginsoft.com/bugs/null-pointer-dereference-in-h5fquery-c-hdf5-1-13-0/

---
Note that 1.13.0 is unreleased but seems unpatched at present. Need to keep an eye on this: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/browse/release_docs/RELEASE.txt
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2020-05-01 03:41:01 UTC
CVE-2020-10812 (https://nvd.nist.gov/vuln/detail/CVE-2020-10812):
  An issue was discovered in HDF5 through 1.12.0. A NULL pointer dereference
  exists in the function H5F_get_nrefs() located in H5Fquery.c. It allows an
  attacker to cause Denial of Service.

CVE-2020-10811 (https://nvd.nist.gov/vuln/detail/CVE-2020-10811):
  An issue was discovered in HDF5 through 1.12.0. A heap-based buffer
  over-read exists in the function H5O__layout_decode() located in
  H5Olayout.c. It allows an attacker to cause Denial of Service.

CVE-2020-10810 (https://nvd.nist.gov/vuln/detail/CVE-2020-10810):
  An issue was discovered in HDF5 through 1.12.0. A NULL pointer dereference
  exists in the function H5AC_unpin_entry() located in H5AC.c. It allows an
  attacker to cause Denial of Service.

CVE-2020-10809 (https://nvd.nist.gov/vuln/detail/CVE-2020-10809):
  An issue was discovered in HDF5 through 1.12.0. A heap-based buffer overflow
  exists in the function Decompress() located in decompress.c. It can be
  triggered by sending a crafted file to the gif2h5 binary. It allows an
  attacker to cause Denial of Service.