Vulnerability Details : CVE-2020-10811
An issue was discovered in HDF5 through 1.12.0. A heap-based buffer over-read exists in the function H5O__layout_decode() located in H5Olayout.c. It allows an attacker to cause Denial of Service.
Vulnerability category: Denial of service
Products affected by CVE-2020-10811
- cpe:2.3:a:hdfgroup:hdf5:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-10811
0.12%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 45 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-10811
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
8.6
|
2.9
|
NIST | |
5.5
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
1.8
|
3.6
|
NIST |
CWE ids for CVE-2020-10811
-
The product reads data past the end, or before the beginning, of the intended buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-10811
-
https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_2
hdf5-reports/Vuln_2 at master · Loginsoft-Research/hdf5-reports · GitHubExploit;Third Party Advisory
-
https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/browse/release_docs/RELEASE.txt
Source of RELEASE.txt - hdf5 - BitbucketRelease Notes;Third Party Advisory
-
https://research.loginsoft.com/bugs/heap-buffer-overflow-in-h5olayout-c-hdf5-1-13-0/
Heap buffer overflow in H5Olayout.c – HDF5 - 1.13.0 - Loginsoft ResearchExploit;Third Party Advisory
Jump to