Unrated severityNVD Advisory· Published Mar 22, 2020· Updated Aug 4, 2024

CVE-2020-10809

Description

An issue was discovered in HDF5 through 1.12.0. A heap-based buffer overflow exists in the function Decompress() located in decompress.c. It can be triggered by sending a crafted file to the gif2h5 binary. It allows an attacker to cause Denial of Service.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

HDF5/HDF5description
Hdfgroup/Hdf5llm-fuzzy
Range: <=1.12.0
osv-coords52 versions
pkg:rpm/opensuse/hdf5_1_10_8-gnu-hpc&distro=openSUSE%20Leap%2015.3 pkg:rpm/opensuse/hdf5_1_10_8-gnu-hpc&distro=openSUSE%20Leap%2015.4 pkg:rpm/opensuse/hdf5_1_10_8-gnu-mpich-hpc&distro=openSUSE%20Leap%2015.3 pkg:rpm/opensuse/hdf5_1_10_8-gnu-mpich-hpc&distro=openSUSE%20Leap%2015.4 pkg:rpm/opensuse/hdf5_1_10_8-gnu-mvapich2-hpc&distro=openSUSE%20Leap%2015.3 pkg:rpm/opensuse/hdf5_1_10_8-gnu-mvapich2-hpc&distro=openSUSE%20Leap%2015.4 pkg:rpm/opensuse/hdf5_1_10_8-gnu-openmpi3-hpc&distro=openSUSE%20Leap%2015.3 pkg:rpm/opensuse/hdf5_1_10_8-gnu-openmpi3-hpc&distro=openSUSE%20Leap%2015.4 pkg:rpm/opensuse/hdf5_1_10_8-gnu-openmpi4-hpc&distro=openSUSE%20Leap%2015.3 pkg:rpm/opensuse/hdf5_1_10_8-gnu-openmpi4-hpc&distro=openSUSE%20Leap%2015.4 pkg:rpm/suse/hdf5_1_10_8-gnu-hpc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOS pkg:rpm/suse/hdf5_1_10_8-gnu-hpc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS pkg:rpm/suse/hdf5_1_10_8-gnu-hpc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOS pkg:rpm/suse/hdf5_1_10_8-gnu-hpc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS pkg:rpm/suse/hdf5_1_10_8-gnu-hpc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS pkg:rpm/suse/hdf5_1_10_8-gnu-hpc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS pkg:rpm/suse/hdf5_1_10_8-gnu-hpc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2012 pkg:rpm/suse/hdf5_1_10_8-gnu-hpc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2015%20SP3 pkg:rpm/suse/hdf5_1_10_8-gnu-hpc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP3 pkg:rpm/suse/hdf5_1_10_8-gnu-mpich-hpc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOS pkg:rpm/suse/hdf5_1_10_8-gnu-mpich-hpc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS pkg:rpm/suse/hdf5_1_10_8-gnu-mpich-hpc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOS pkg:rpm/suse/hdf5_1_10_8-gnu-mpich-hpc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS pkg:rpm/suse/hdf5_1_10_8-gnu-mpich-hpc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS pkg:rpm/suse/hdf5_1_10_8-gnu-mpich-hpc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS pkg:rpm/suse/hdf5_1_10_8-gnu-mpich-hpc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2015%20SP3 pkg:rpm/suse/hdf5_1_10_8-gnu-mpich-hpc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP3 pkg:rpm/suse/hdf5_1_10_8-gnu-mvapich2-hpc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOS pkg:rpm/suse/hdf5_1_10_8-gnu-mvapich2-hpc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS pkg:rpm/suse/hdf5_1_10_8-gnu-mvapich2-hpc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOS pkg:rpm/suse/hdf5_1_10_8-gnu-mvapich2-hpc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS pkg:rpm/suse/hdf5_1_10_8-gnu-mvapich2-hpc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS pkg:rpm/suse/hdf5_1_10_8-gnu-mvapich2-hpc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS pkg:rpm/suse/hdf5_1_10_8-gnu-mvapich2-hpc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2012 pkg:rpm/suse/hdf5_1_10_8-gnu-mvapich2-hpc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2015%20SP3 pkg:rpm/suse/hdf5_1_10_8-gnu-mvapich2-hpc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP3 pkg:rpm/suse/hdf5_1_10_8-gnu-openmpi1-hpc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2012 pkg:rpm/suse/hdf5_1_10_8-gnu-openmpi2-hpc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOS pkg:rpm/suse/hdf5_1_10_8-gnu-openmpi2-hpc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS pkg:rpm/suse/hdf5_1_10_8-gnu-openmpi2-hpc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOS pkg:rpm/suse/hdf5_1_10_8-gnu-openmpi2-hpc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS pkg:rpm/suse/hdf5_1_10_8-gnu-openmpi2-hpc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS pkg:rpm/suse/hdf5_1_10_8-gnu-openmpi2-hpc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS pkg:rpm/suse/hdf5_1_10_8-gnu-openmpi3-hpc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOS pkg:rpm/suse/hdf5_1_10_8-gnu-openmpi3-hpc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS pkg:rpm/suse/hdf5_1_10_8-gnu-openmpi3-hpc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2015%20SP3 pkg:rpm/suse/hdf5_1_10_8-gnu-openmpi3-hpc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP3 pkg:rpm/suse/hdf5_1_10_8-gnu-openmpi4-hpc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2015%20SP3 pkg:rpm/suse/hdf5_1_10_8-gnu-openmpi4-hpc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP3 pkg:rpm/suse/suse-hpc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS pkg:rpm/suse/suse-hpc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS pkg:rpm/suse/suse-hpc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2012
< 1.10.8-150300.4.3.1+ 51 more
- (no CPE)range: < 1.10.8-150300.4.3.1
- (no CPE)range: < 1.10.8-150300.4.3.1
- (no CPE)range: < 1.10.8-150300.4.3.2
- (no CPE)range: < 1.10.8-150300.4.3.2
- (no CPE)range: < 1.10.8-150300.4.3.1
- (no CPE)range: < 1.10.8-150300.4.3.1
- (no CPE)range: < 1.10.8-150300.4.3.2
- (no CPE)range: < 1.10.8-150300.4.3.2
- (no CPE)range: < 1.10.8-150300.4.3.2
- (no CPE)range: < 1.10.8-150300.4.3.2
- (no CPE)range: < 1.10.8-150100.7.4.3
- (no CPE)range: < 1.10.8-150100.7.4.3
- (no CPE)range: < 1.10.8-150200.8.4.2
- (no CPE)range: < 1.10.8-150200.8.4.2
- (no CPE)range: < 1.10.8-150000.8.4.3
- (no CPE)range: < 1.10.8-150000.8.4.3
- (no CPE)range: < 1.10.8-3.12.2
- (no CPE)range: < 1.10.8-150300.4.3.1
- (no CPE)range: < 1.10.8-150300.4.3.1
- (no CPE)range: < 1.10.8-150100.7.4.3
- (no CPE)range: < 1.10.8-150100.7.4.3
- (no CPE)range: < 1.10.8-150200.8.4.3
- (no CPE)range: < 1.10.8-150200.8.4.3
- (no CPE)range: < 1.10.8-150000.8.4.3
- (no CPE)range: < 1.10.8-150000.8.4.3
- (no CPE)range: < 1.10.8-150300.4.3.2
- (no CPE)range: < 1.10.8-150300.4.3.2
- (no CPE)range: < 1.10.8-150100.7.4.3
- (no CPE)range: < 1.10.8-150100.7.4.3
- (no CPE)range: < 1.10.8-150200.8.4.2
- (no CPE)range: < 1.10.8-150200.8.4.2
- (no CPE)range: < 1.10.8-150000.8.4.3
- (no CPE)range: < 1.10.8-150000.8.4.3
- (no CPE)range: < 1.10.8-3.12.2
- (no CPE)range: < 1.10.8-150300.4.3.1
- (no CPE)range: < 1.10.8-150300.4.3.1
- (no CPE)range: < 1.10.8-3.12.2
- (no CPE)range: < 1.10.8-150100.7.4.3
- (no CPE)range: < 1.10.8-150100.7.4.3
- (no CPE)range: < 1.10.8-150200.8.4.2
- (no CPE)range: < 1.10.8-150200.8.4.2
- (no CPE)range: < 1.10.8-150000.8.4.3
- (no CPE)range: < 1.10.8-150000.8.4.3
- (no CPE)range: < 1.10.8-150200.8.4.2
- (no CPE)range: < 1.10.8-150200.8.4.2
- (no CPE)range: < 1.10.8-150300.4.3.2
- (no CPE)range: < 1.10.8-150300.4.3.2
- (no CPE)range: < 1.10.8-150300.4.3.2
- (no CPE)range: < 1.10.8-150300.4.3.2
- (no CPE)range: < 0.5.20220206.0c6b168-150000.11.3.1
- (no CPE)range: < 0.5.20220206.0c6b168-150000.11.3.1
- (no CPE)range: < 0.5.20220206.0c6b168-5.2

Patches

Vulnerability mechanics

References

bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/browse/release_docs/RELEASE.txtmitrex_refsource_MISC
github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_1mitrex_refsource_MISC
research.loginsoft.com/bugs/heap-overflow-in-decompress-c-hdf5-1-13-0/mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000