Vulnerability Description
An out of bounds read was discovered in H5O_fill_new_decode and H5O_fill_old_decode in H5Ofill.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack.
CVSS Score
8.1
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hdfgroup | Hdf5 | 1.10.2 |
Related Weaknesses (CWE)
References
- https://github.com/TeamSeri0us/pocs/blob/master/hdf5/README2.mdThird Party Advisory
- https://github.com/Twi1ight/fuzzing-pocs/tree/master/hdf5ExploitThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2023/08/msg00009.html
- https://github.com/TeamSeri0us/pocs/blob/master/hdf5/README2.mdThird Party Advisory
- https://github.com/Twi1ight/fuzzing-pocs/tree/master/hdf5ExploitThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2023/08/msg00009.html
FAQ
What is CVE-2018-11206?
CVE-2018-11206 is a vulnerability with a CVSS score of 8.1 (HIGH). An out of bounds read was discovered in H5O_fill_new_decode and H5O_fill_old_decode in H5Ofill.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure att...
How severe is CVE-2018-11206?
CVE-2018-11206 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-11206?
Check the references section above for vendor advisories and patch information. Affected products include: Hdfgroup Hdf5.