Lucene search

Veracode Vulnerability DatabaseVERACODE:43621

HistoryOct 09, 2023 - 7:39 a.m.

Denial Of Service (DoS)

2023-10-0907:39:03

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

denial of service

vulnerability

stack-based buffer overflow

libhdf5.so

h5eint.c

application crash

maliciously crafted input

software

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

30.1%

JSON

libhdf5.so is vulnerable to Denial Of Service (DoS). The vulnerability exists due to the stack-based buffer overflow in H5Eint.c, which allows an attacker to cause an application crash by providing a maliciously crafted input.

References

bugzilla.suse.com/show_bug.cgi?id=1194374

github.com/advisories/GHSA-hvh7-f5p9-68g8

github.com/HDFGroup/hdf5/issues/1315

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

30.1%

JSON

Related for VERACODE:43621