Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 714024 (CVE-2020-10809, CVE-2020-10810, CVE-2020-10811, CVE-2020-10812, CVE-2021-45829, CVE-2021-45830, CVE-2021-45832, CVE-2021-45833, CVE-2021-46242, CVE-2021-46243, CVE-2021-46244) - sci-libs/hdf5: multiple vulnerabilities
Summary: sci-libs/hdf5: multiple vulnerabilities
Status: IN_PROGRESS
Alias: CVE-2020-10809, CVE-2020-10810, CVE-2020-10811, CVE-2020-10812, CVE-2021-45829, CVE-2021-45830, CVE-2021-45832, CVE-2021-45833, CVE-2021-46242, CVE-2021-46243, CVE-2021-46244
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor
Assignee: Gentoo Security
URL:
Whiteboard: B3 [upstream/ebuild? cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2020-03-22 19:23 UTC by Sam James
Modified: 2022-01-22 04:16 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-22 19:23:59 UTC 
1) CVE-2020-10809
Description:
"An issue was discovered in HDF5 through 1.12.0. A heap-based buffer overflow exists in the function Decompress() located in decompress.c. It can be triggered by sending a crafted file to the gif2h5 binary. It allows an attacker to cause Denial of Service."

Disclosure: https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_1

2) CVE-2020-10810
Description:
"An issue was discovered in HDF5 through 1.12.0. A NULL pointer dereference exists in the function H5AC_unpin_entry() located in H5AC.c. It allows an attacker to cause Denial of Service."

Disclosure: https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_3

3) CVE-2020-10811
Description:
"An issue was discovered in HDF5 through 1.12.0. A heap-based buffer over-read exists in the function H5O__layout_decode() located in H5Olayout.c. It allows an attacker to cause Denial of Service."

Disclosure: https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_2

4) CVE-2020-10812
Description:
"An issue was discovered in HDF5 through 1.12.0. A NULL pointer dereference exists in the function H5F_get_nrefs() located in H5Fquery.c. It allows an attacker to cause Denial of Service."

Disclosure: https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_4
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-22 19:27:13 UTC 
(In reply to sam_c (Security Padawan) from comment #0)
> 1) CVE-2020-10809
> Description:
> "An issue was discovered in HDF5 through 1.12.0. A heap-based buffer
> overflow exists in the function Decompress() located in decompress.c. It can
> be triggered by sending a crafted file to the gif2h5 binary. It allows an
> attacker to cause Denial of Service."
> 
> Disclosure:
> https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_1
> 

https://research.loginsoft.com/bugs/heap-overflow-in-decompress-c-hdf5-1-13-0/

> 2) CVE-2020-10810
> Description:
> "An issue was discovered in HDF5 through 1.12.0. A NULL pointer dereference
> exists in the function H5AC_unpin_entry() located in H5AC.c. It allows an
> attacker to cause Denial of Service."
> 
> Disclosure:
> https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_3
> 

https://research.loginsoft.com/bugs/null-pointer-dereference-in-h5ac-c-hdf5-1-13-0/

> 3) CVE-2020-10811
> Description:
> "An issue was discovered in HDF5 through 1.12.0. A heap-based buffer
> over-read exists in the function H5O__layout_decode() located in
> H5Olayout.c. It allows an attacker to cause Denial of Service."
> 
> Disclosure:
> https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_2
> 

https://research.loginsoft.com/bugs/heap-buffer-overflow-in-h5olayout-c-hdf5-1-13-0/

> 4) CVE-2020-10812
> Description:
> "An issue was discovered in HDF5 through 1.12.0. A NULL pointer dereference
> exists in the function H5F_get_nrefs() located in H5Fquery.c. It allows an
> attacker to cause Denial of Service."
> 
> Disclosure:
> https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_4

https://research.loginsoft.com/bugs/null-pointer-dereference-in-h5fquery-c-hdf5-1-13-0/

---
Note that 1.13.0 is unreleased but seems unpatched at present. Need to keep an eye on this: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/browse/release_docs/RELEASE.txt
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2020-05-01 03:41:01 UTC 
CVE-2020-10812 (https://nvd.nist.gov/vuln/detail/CVE-2020-10812):
  An issue was discovered in HDF5 through 1.12.0. A NULL pointer dereference
  exists in the function H5F_get_nrefs() located in H5Fquery.c. It allows an
  attacker to cause Denial of Service.

CVE-2020-10811 (https://nvd.nist.gov/vuln/detail/CVE-2020-10811):
  An issue was discovered in HDF5 through 1.12.0. A heap-based buffer
  over-read exists in the function H5O__layout_decode() located in
  H5Olayout.c. It allows an attacker to cause Denial of Service.

CVE-2020-10810 (https://nvd.nist.gov/vuln/detail/CVE-2020-10810):
  An issue was discovered in HDF5 through 1.12.0. A NULL pointer dereference
  exists in the function H5AC_unpin_entry() located in H5AC.c. It allows an
  attacker to cause Denial of Service.

CVE-2020-10809 (https://nvd.nist.gov/vuln/detail/CVE-2020-10809):
  An issue was discovered in HDF5 through 1.12.0. A heap-based buffer overflow
  exists in the function Decompress() located in decompress.c. It can be
  triggered by sending a crafted file to the gif2h5 binary. It allows an
  attacker to cause Denial of Service.
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-01-04 06:52:24 UTC 
CVE-2021-45829 (https://github.com/HDFGroup/hdf5/issues/1317):

HDF5 1.13.1-1 is affected by: segmentation fault, which causes a Denial of Service.
Comment 4 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-01-06 07:44:30 UTC 
CVE-2021-45833 (https://github.com/HDFGroup/hdf5/issues/1313):

A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 via the H5D__create_chunk_file_map_hyper function in /hdf5/src/H5Dchunk.c, which causes a Denial of Service (context-dependent).

CVE-2021-45832 (https://github.com/HDFGroup/hdf5/issues/1315):

A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 at at hdf5/src/H5Eint.c, which causes a Denial of Service (context-dependent).

CVE-2021-45830 (https://github.com/HDFGroup/hdf5/issues/1314):

A heap-based buffer overflow vulnerability exists in HDF5 1.13.1-1 via H5F_addr_decode_len in /hdf5/src/H5Fint.c, which could cause a Denial of Service.
Comment 5 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-01-22 04:16:34 UTC 
CVE-2021-46242 (https://github.com/HDFGroup/hdf5/issues/1329):

HDF5 v1.13.1-1 was discovered to contain a heap-use-after free via the component H5AC_unpin_entry.

CVE-2021-46243 (https://github.com/HDFGroup/hdf5/issues/1326):

An untrusted pointer dereference vulnerability exists in HDF5 v1.13.1-1 via the function H5O__dtype_decode_helper () at hdf5/src/H5Odtype.c. This vulnerability can lead to a Denial of Service (DoS).

CVE-2021-46244 (https://github.com/HDFGroup/hdf5/issues/1327):

A Divide By Zero vulnerability exists in HDF5 v1.13.1-1 vis the function H5T__complete_copy () at /hdf5/src/H5T.c. This vulnerability causes an aritmetic exception, leading to a Denial of Service (DoS).

All seem unfixed.