{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"Critical" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"hdf5 security update", "category":"general", "title":"Synopsis" }, { "text":"An update for hdf5 is now available for openEuler-20.03-LTS-SP1.", "category":"general", "title":"Summary" }, { "text":"HDF5 is a data model, library, and file format for storing and managing data. It supports an unlimited variety of datatypes, and is designed for flexible and efficient I/O and for high volume and complex data. HDF5 is portable and is extensible, allowing applications to evolve in their use of HDF5. The HDF5 Technology suite includes tools and applications for managing, manipulating, viewing, and analyzing data in the HDF5 format.\n\nSecurity Fix(es):\n\nA buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5 through 1.10.4 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while repacking an HDF5 file, aka \"Invalid write of size 2.\"(CVE-2019-8396)\n\nAn issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in the function H5F__accum_read in H5Faccum.c.(CVE-2018-13867)\n\nAn issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_layout_decode in H5Olayout.c, related to HDmemcpy.(CVE-2018-14033)\n\nAn issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_sdspace_decode in H5Osdspace.c.(CVE-2018-14460)\n\nAn issue was discovered in HDF5 through 1.12.0. A heap-based buffer over-read exists in the function H5O__layout_decode() located in H5Olayout.c. It allows an attacker to cause Denial of Service.(CVE-2020-10811)\n\nBuffer Overflow vulnerability in HDFGroup hdf5-h5dump 1.12.0 through 1.13.0 allows attackers to cause a denial of service via h5tools_str_sprint in /hdf5/tools/lib/h5tools_str.c.(CVE-2021-37501)", "category":"general", "title":"Description" }, { "text":"An update for hdf5 is now available for openEuler-20.03-LTS-SP1.\n\nopenEuler Security has rated this update as having a security impact of critical. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"Critical", "category":"general", "title":"Severity" }, { "text":"hdf5", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2023-1328", "category":"self", "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1328" }, { "summary":"CVE-2019-8396", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail?cveId=CVE-2019-8396&packageName=hdf5" }, { "summary":"CVE-2018-13867", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail?cveId=CVE-2018-13867&packageName=hdf5" }, { "summary":"CVE-2018-14033", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail?cveId=CVE-2018-14033&packageName=hdf5" }, { "summary":"CVE-2018-14460", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail?cveId=CVE-2018-14460&packageName=hdf5" }, { "summary":"CVE-2020-10811", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail?cveId=CVE-2020-10811&packageName=hdf5" }, { "summary":"CVE-2021-37501", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail?cveId=CVE-2021-37501&packageName=hdf5" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2019-8396" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2018-13867" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14033" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14460" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10811" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2021-37501" }, { "summary":"openEuler-SA-2023-1328 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2023/csaf-openeuler-sa-2023-1328.json" } ], "title":"An update for hdf5 is now available for openEuler-20.03-LTS-SP1", "tracking":{ "initial_release_date":"2023-06-03T14:18:59+08:00", "revision_history":[ { "date":"2023-06-03T14:18:59+08:00", "summary":"Initial", "number":"1.0.0" }, { "date":"2024-10-31T14:18:59+08:00", "summary":"final", "number":"2.0.0" } ], "generator":{ "date":"2024-10-31T14:18:59+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2024-10-31T14:18:59+08:00", "id":"openEuler-SA-2023-1328", "version":"2.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1" }, "product_id":"openEuler-20.03-LTS-SP1", "name":"openEuler-20.03-LTS-SP1" }, "name":"openEuler-20.03-LTS-SP1", "category":"product_version" } ], "category":"product_name" }, { "name":"aarch64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1" }, "product_id":"hdf5-1.12.1-2.oe1.aarch64.rpm(20.03-LTS-SP1)", "name":"hdf5-1.12.1-2.oe1.aarch64.rpm" }, "name":"hdf5-1.12.1-2.oe1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1" }, "product_id":"hdf5-devel-1.12.1-2.oe1.aarch64.rpm(20.03-LTS-SP1)", "name":"hdf5-devel-1.12.1-2.oe1.aarch64.rpm" }, "name":"hdf5-devel-1.12.1-2.oe1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1" }, "product_id":"hdf5-debugsource-1.12.1-2.oe1.aarch64.rpm(20.03-LTS-SP1)", "name":"hdf5-debugsource-1.12.1-2.oe1.aarch64.rpm" }, "name":"hdf5-debugsource-1.12.1-2.oe1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1" }, "product_id":"hdf5-debuginfo-1.12.1-2.oe1.aarch64.rpm(20.03-LTS-SP1)", "name":"hdf5-debuginfo-1.12.1-2.oe1.aarch64.rpm" }, "name":"hdf5-debuginfo-1.12.1-2.oe1.aarch64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1" }, "product_id":"hdf5-1.12.1-2.oe1.src.rpm(20.03-LTS-SP1)", "name":"hdf5-1.12.1-2.oe1.src.rpm" }, "name":"hdf5-1.12.1-2.oe1.src.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1" }, "product_id":"hdf5-devel-1.12.1-2.oe1.x86_64.rpm(20.03-LTS-SP1)", "name":"hdf5-devel-1.12.1-2.oe1.x86_64.rpm" }, "name":"hdf5-devel-1.12.1-2.oe1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1" }, "product_id":"hdf5-debuginfo-1.12.1-2.oe1.x86_64.rpm(20.03-LTS-SP1)", "name":"hdf5-debuginfo-1.12.1-2.oe1.x86_64.rpm" }, "name":"hdf5-debuginfo-1.12.1-2.oe1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1" }, "product_id":"hdf5-1.12.1-2.oe1.x86_64.rpm(20.03-LTS-SP1)", "name":"hdf5-1.12.1-2.oe1.x86_64.rpm" }, "name":"hdf5-1.12.1-2.oe1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1" }, "product_id":"hdf5-debugsource-1.12.1-2.oe1.x86_64.rpm(20.03-LTS-SP1)", "name":"hdf5-debugsource-1.12.1-2.oe1.x86_64.rpm" }, "name":"hdf5-debugsource-1.12.1-2.oe1.x86_64.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-20.03-LTS-SP1", "product_reference":"hdf5-1.12.1-2.oe1.aarch64.rpm(20.03-LTS-SP1)", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP1:hdf5-1.12.1-2.oe1.aarch64", "name":"hdf5-1.12.1-2.oe1.aarch64 as a component of openEuler-20.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP1", "product_reference":"hdf5-devel-1.12.1-2.oe1.aarch64.rpm(20.03-LTS-SP1)", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP1:hdf5-devel-1.12.1-2.oe1.aarch64", "name":"hdf5-devel-1.12.1-2.oe1.aarch64 as a component of openEuler-20.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP1", "product_reference":"hdf5-debugsource-1.12.1-2.oe1.aarch64.rpm(20.03-LTS-SP1)", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP1:hdf5-debugsource-1.12.1-2.oe1.aarch64", "name":"hdf5-debugsource-1.12.1-2.oe1.aarch64 as a component of openEuler-20.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP1", "product_reference":"hdf5-debuginfo-1.12.1-2.oe1.aarch64.rpm(20.03-LTS-SP1)", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP1:hdf5-debuginfo-1.12.1-2.oe1.aarch64", "name":"hdf5-debuginfo-1.12.1-2.oe1.aarch64 as a component of openEuler-20.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP1", "product_reference":"hdf5-1.12.1-2.oe1.src.rpm(20.03-LTS-SP1)", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP1:hdf5-1.12.1-2.oe1.src", "name":"hdf5-1.12.1-2.oe1.src as a component of openEuler-20.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP1", "product_reference":"hdf5-devel-1.12.1-2.oe1.x86_64.rpm(20.03-LTS-SP1)", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP1:hdf5-devel-1.12.1-2.oe1.x86_64", "name":"hdf5-devel-1.12.1-2.oe1.x86_64 as a component of openEuler-20.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP1", "product_reference":"hdf5-debuginfo-1.12.1-2.oe1.x86_64.rpm(20.03-LTS-SP1)", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP1:hdf5-debuginfo-1.12.1-2.oe1.x86_64", "name":"hdf5-debuginfo-1.12.1-2.oe1.x86_64 as a component of openEuler-20.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP1", "product_reference":"hdf5-1.12.1-2.oe1.x86_64.rpm(20.03-LTS-SP1)", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP1:hdf5-1.12.1-2.oe1.x86_64", "name":"hdf5-1.12.1-2.oe1.x86_64 as a component of openEuler-20.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP1", "product_reference":"hdf5-debugsource-1.12.1-2.oe1.x86_64.rpm(20.03-LTS-SP1)", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP1:hdf5-debugsource-1.12.1-2.oe1.x86_64", "name":"hdf5-debugsource-1.12.1-2.oe1.x86_64 as a component of openEuler-20.03-LTS-SP1" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2019-8396", "notes":[ { "text":"A buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5 through 1.10.4 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while repacking an HDF5 file, aka Invalid write of size 2.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-20.03-LTS-SP1:hdf5-1.12.1-2.oe1.aarch64", "openEuler-20.03-LTS-SP1:hdf5-devel-1.12.1-2.oe1.aarch64", "openEuler-20.03-LTS-SP1:hdf5-debugsource-1.12.1-2.oe1.aarch64", "openEuler-20.03-LTS-SP1:hdf5-debuginfo-1.12.1-2.oe1.aarch64", "openEuler-20.03-LTS-SP1:hdf5-1.12.1-2.oe1.src", "openEuler-20.03-LTS-SP1:hdf5-devel-1.12.1-2.oe1.x86_64", "openEuler-20.03-LTS-SP1:hdf5-debuginfo-1.12.1-2.oe1.x86_64", "openEuler-20.03-LTS-SP1:hdf5-1.12.1-2.oe1.x86_64", "openEuler-20.03-LTS-SP1:hdf5-debugsource-1.12.1-2.oe1.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-20.03-LTS-SP1:hdf5-1.12.1-2.oe1.aarch64", "openEuler-20.03-LTS-SP1:hdf5-devel-1.12.1-2.oe1.aarch64", "openEuler-20.03-LTS-SP1:hdf5-debugsource-1.12.1-2.oe1.aarch64", "openEuler-20.03-LTS-SP1:hdf5-debuginfo-1.12.1-2.oe1.aarch64", "openEuler-20.03-LTS-SP1:hdf5-1.12.1-2.oe1.src", "openEuler-20.03-LTS-SP1:hdf5-devel-1.12.1-2.oe1.x86_64", "openEuler-20.03-LTS-SP1:hdf5-debuginfo-1.12.1-2.oe1.x86_64", "openEuler-20.03-LTS-SP1:hdf5-1.12.1-2.oe1.x86_64", "openEuler-20.03-LTS-SP1:hdf5-debugsource-1.12.1-2.oe1.x86_64" ], "details":"hdf5 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1328" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":6.5, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-20.03-LTS-SP1:hdf5-1.12.1-2.oe1.aarch64", "openEuler-20.03-LTS-SP1:hdf5-devel-1.12.1-2.oe1.aarch64", "openEuler-20.03-LTS-SP1:hdf5-debugsource-1.12.1-2.oe1.aarch64", "openEuler-20.03-LTS-SP1:hdf5-debuginfo-1.12.1-2.oe1.aarch64", "openEuler-20.03-LTS-SP1:hdf5-1.12.1-2.oe1.src", "openEuler-20.03-LTS-SP1:hdf5-devel-1.12.1-2.oe1.x86_64", "openEuler-20.03-LTS-SP1:hdf5-debuginfo-1.12.1-2.oe1.x86_64", "openEuler-20.03-LTS-SP1:hdf5-1.12.1-2.oe1.x86_64", "openEuler-20.03-LTS-SP1:hdf5-debugsource-1.12.1-2.oe1.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2019-8396" }, { "cve":"CVE-2018-13867", "notes":[ { "text":"An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in the function H5F__accum_read in H5Faccum.c.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-20.03-LTS-SP1:hdf5-1.12.1-2.oe1.aarch64", "openEuler-20.03-LTS-SP1:hdf5-devel-1.12.1-2.oe1.aarch64", "openEuler-20.03-LTS-SP1:hdf5-debugsource-1.12.1-2.oe1.aarch64", "openEuler-20.03-LTS-SP1:hdf5-debuginfo-1.12.1-2.oe1.aarch64", "openEuler-20.03-LTS-SP1:hdf5-1.12.1-2.oe1.src", "openEuler-20.03-LTS-SP1:hdf5-devel-1.12.1-2.oe1.x86_64", "openEuler-20.03-LTS-SP1:hdf5-debuginfo-1.12.1-2.oe1.x86_64", "openEuler-20.03-LTS-SP1:hdf5-1.12.1-2.oe1.x86_64", "openEuler-20.03-LTS-SP1:hdf5-debugsource-1.12.1-2.oe1.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-20.03-LTS-SP1:hdf5-1.12.1-2.oe1.aarch64", "openEuler-20.03-LTS-SP1:hdf5-devel-1.12.1-2.oe1.aarch64", "openEuler-20.03-LTS-SP1:hdf5-debugsource-1.12.1-2.oe1.aarch64", "openEuler-20.03-LTS-SP1:hdf5-debuginfo-1.12.1-2.oe1.aarch64", "openEuler-20.03-LTS-SP1:hdf5-1.12.1-2.oe1.src", "openEuler-20.03-LTS-SP1:hdf5-devel-1.12.1-2.oe1.x86_64", "openEuler-20.03-LTS-SP1:hdf5-debuginfo-1.12.1-2.oe1.x86_64", "openEuler-20.03-LTS-SP1:hdf5-1.12.1-2.oe1.x86_64", "openEuler-20.03-LTS-SP1:hdf5-debugsource-1.12.1-2.oe1.x86_64" ], "details":"hdf5 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1328" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"CRITICAL", "baseScore":9.8, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-20.03-LTS-SP1:hdf5-1.12.1-2.oe1.aarch64", "openEuler-20.03-LTS-SP1:hdf5-devel-1.12.1-2.oe1.aarch64", "openEuler-20.03-LTS-SP1:hdf5-debugsource-1.12.1-2.oe1.aarch64", "openEuler-20.03-LTS-SP1:hdf5-debuginfo-1.12.1-2.oe1.aarch64", "openEuler-20.03-LTS-SP1:hdf5-1.12.1-2.oe1.src", "openEuler-20.03-LTS-SP1:hdf5-devel-1.12.1-2.oe1.x86_64", "openEuler-20.03-LTS-SP1:hdf5-debuginfo-1.12.1-2.oe1.x86_64", "openEuler-20.03-LTS-SP1:hdf5-1.12.1-2.oe1.x86_64", "openEuler-20.03-LTS-SP1:hdf5-debugsource-1.12.1-2.oe1.x86_64" ] } ], "threats":[ { "details":"Critical", "category":"impact" } ], "title":"CVE-2018-13867" }, { "cve":"CVE-2018-14033", "notes":[ { "text":"An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_layout_decode in H5Olayout.c, related to HDmemcpy.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-20.03-LTS-SP1:hdf5-1.12.1-2.oe1.aarch64", "openEuler-20.03-LTS-SP1:hdf5-devel-1.12.1-2.oe1.aarch64", "openEuler-20.03-LTS-SP1:hdf5-debugsource-1.12.1-2.oe1.aarch64", "openEuler-20.03-LTS-SP1:hdf5-debuginfo-1.12.1-2.oe1.aarch64", "openEuler-20.03-LTS-SP1:hdf5-1.12.1-2.oe1.src", "openEuler-20.03-LTS-SP1:hdf5-devel-1.12.1-2.oe1.x86_64", "openEuler-20.03-LTS-SP1:hdf5-debuginfo-1.12.1-2.oe1.x86_64", "openEuler-20.03-LTS-SP1:hdf5-1.12.1-2.oe1.x86_64", "openEuler-20.03-LTS-SP1:hdf5-debugsource-1.12.1-2.oe1.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-20.03-LTS-SP1:hdf5-1.12.1-2.oe1.aarch64", "openEuler-20.03-LTS-SP1:hdf5-devel-1.12.1-2.oe1.aarch64", "openEuler-20.03-LTS-SP1:hdf5-debugsource-1.12.1-2.oe1.aarch64", "openEuler-20.03-LTS-SP1:hdf5-debuginfo-1.12.1-2.oe1.aarch64", "openEuler-20.03-LTS-SP1:hdf5-1.12.1-2.oe1.src", "openEuler-20.03-LTS-SP1:hdf5-devel-1.12.1-2.oe1.x86_64", "openEuler-20.03-LTS-SP1:hdf5-debuginfo-1.12.1-2.oe1.x86_64", "openEuler-20.03-LTS-SP1:hdf5-1.12.1-2.oe1.x86_64", "openEuler-20.03-LTS-SP1:hdf5-debugsource-1.12.1-2.oe1.x86_64" ], "details":"hdf5 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1328" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":8.8, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-20.03-LTS-SP1:hdf5-1.12.1-2.oe1.aarch64", "openEuler-20.03-LTS-SP1:hdf5-devel-1.12.1-2.oe1.aarch64", "openEuler-20.03-LTS-SP1:hdf5-debugsource-1.12.1-2.oe1.aarch64", "openEuler-20.03-LTS-SP1:hdf5-debuginfo-1.12.1-2.oe1.aarch64", "openEuler-20.03-LTS-SP1:hdf5-1.12.1-2.oe1.src", "openEuler-20.03-LTS-SP1:hdf5-devel-1.12.1-2.oe1.x86_64", "openEuler-20.03-LTS-SP1:hdf5-debuginfo-1.12.1-2.oe1.x86_64", "openEuler-20.03-LTS-SP1:hdf5-1.12.1-2.oe1.x86_64", "openEuler-20.03-LTS-SP1:hdf5-debugsource-1.12.1-2.oe1.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2018-14033" }, { "cve":"CVE-2018-14460", "notes":[ { "text":"An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_sdspace_decode in H5Osdspace.c.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-20.03-LTS-SP1:hdf5-1.12.1-2.oe1.aarch64", "openEuler-20.03-LTS-SP1:hdf5-devel-1.12.1-2.oe1.aarch64", "openEuler-20.03-LTS-SP1:hdf5-debugsource-1.12.1-2.oe1.aarch64", "openEuler-20.03-LTS-SP1:hdf5-debuginfo-1.12.1-2.oe1.aarch64", "openEuler-20.03-LTS-SP1:hdf5-1.12.1-2.oe1.src", "openEuler-20.03-LTS-SP1:hdf5-devel-1.12.1-2.oe1.x86_64", "openEuler-20.03-LTS-SP1:hdf5-debuginfo-1.12.1-2.oe1.x86_64", "openEuler-20.03-LTS-SP1:hdf5-1.12.1-2.oe1.x86_64", "openEuler-20.03-LTS-SP1:hdf5-debugsource-1.12.1-2.oe1.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-20.03-LTS-SP1:hdf5-1.12.1-2.oe1.aarch64", "openEuler-20.03-LTS-SP1:hdf5-devel-1.12.1-2.oe1.aarch64", "openEuler-20.03-LTS-SP1:hdf5-debugsource-1.12.1-2.oe1.aarch64", "openEuler-20.03-LTS-SP1:hdf5-debuginfo-1.12.1-2.oe1.aarch64", "openEuler-20.03-LTS-SP1:hdf5-1.12.1-2.oe1.src", "openEuler-20.03-LTS-SP1:hdf5-devel-1.12.1-2.oe1.x86_64", "openEuler-20.03-LTS-SP1:hdf5-debuginfo-1.12.1-2.oe1.x86_64", "openEuler-20.03-LTS-SP1:hdf5-1.12.1-2.oe1.x86_64", "openEuler-20.03-LTS-SP1:hdf5-debugsource-1.12.1-2.oe1.x86_64" ], "details":"hdf5 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1328" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":8.8, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-20.03-LTS-SP1:hdf5-1.12.1-2.oe1.aarch64", "openEuler-20.03-LTS-SP1:hdf5-devel-1.12.1-2.oe1.aarch64", "openEuler-20.03-LTS-SP1:hdf5-debugsource-1.12.1-2.oe1.aarch64", "openEuler-20.03-LTS-SP1:hdf5-debuginfo-1.12.1-2.oe1.aarch64", "openEuler-20.03-LTS-SP1:hdf5-1.12.1-2.oe1.src", "openEuler-20.03-LTS-SP1:hdf5-devel-1.12.1-2.oe1.x86_64", "openEuler-20.03-LTS-SP1:hdf5-debuginfo-1.12.1-2.oe1.x86_64", "openEuler-20.03-LTS-SP1:hdf5-1.12.1-2.oe1.x86_64", "openEuler-20.03-LTS-SP1:hdf5-debugsource-1.12.1-2.oe1.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2018-14460" }, { "cve":"CVE-2020-10811", "notes":[ { "text":"An issue was discovered in HDF5 through 1.12.0. A heap-based buffer over-read exists in the function H5O__layout_decode() located in H5Olayout.c. It allows an attacker to cause Denial of Service.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-20.03-LTS-SP1:hdf5-1.12.1-2.oe1.aarch64", "openEuler-20.03-LTS-SP1:hdf5-devel-1.12.1-2.oe1.aarch64", "openEuler-20.03-LTS-SP1:hdf5-debugsource-1.12.1-2.oe1.aarch64", "openEuler-20.03-LTS-SP1:hdf5-debuginfo-1.12.1-2.oe1.aarch64", "openEuler-20.03-LTS-SP1:hdf5-1.12.1-2.oe1.src", "openEuler-20.03-LTS-SP1:hdf5-devel-1.12.1-2.oe1.x86_64", "openEuler-20.03-LTS-SP1:hdf5-debuginfo-1.12.1-2.oe1.x86_64", "openEuler-20.03-LTS-SP1:hdf5-1.12.1-2.oe1.x86_64", "openEuler-20.03-LTS-SP1:hdf5-debugsource-1.12.1-2.oe1.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-20.03-LTS-SP1:hdf5-1.12.1-2.oe1.aarch64", "openEuler-20.03-LTS-SP1:hdf5-devel-1.12.1-2.oe1.aarch64", "openEuler-20.03-LTS-SP1:hdf5-debugsource-1.12.1-2.oe1.aarch64", "openEuler-20.03-LTS-SP1:hdf5-debuginfo-1.12.1-2.oe1.aarch64", "openEuler-20.03-LTS-SP1:hdf5-1.12.1-2.oe1.src", "openEuler-20.03-LTS-SP1:hdf5-devel-1.12.1-2.oe1.x86_64", "openEuler-20.03-LTS-SP1:hdf5-debuginfo-1.12.1-2.oe1.x86_64", "openEuler-20.03-LTS-SP1:hdf5-1.12.1-2.oe1.x86_64", "openEuler-20.03-LTS-SP1:hdf5-debugsource-1.12.1-2.oe1.x86_64" ], "details":"hdf5 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1328" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-20.03-LTS-SP1:hdf5-1.12.1-2.oe1.aarch64", "openEuler-20.03-LTS-SP1:hdf5-devel-1.12.1-2.oe1.aarch64", "openEuler-20.03-LTS-SP1:hdf5-debugsource-1.12.1-2.oe1.aarch64", "openEuler-20.03-LTS-SP1:hdf5-debuginfo-1.12.1-2.oe1.aarch64", "openEuler-20.03-LTS-SP1:hdf5-1.12.1-2.oe1.src", "openEuler-20.03-LTS-SP1:hdf5-devel-1.12.1-2.oe1.x86_64", "openEuler-20.03-LTS-SP1:hdf5-debuginfo-1.12.1-2.oe1.x86_64", "openEuler-20.03-LTS-SP1:hdf5-1.12.1-2.oe1.x86_64", "openEuler-20.03-LTS-SP1:hdf5-debugsource-1.12.1-2.oe1.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2020-10811" }, { "cve":"CVE-2021-37501", "notes":[ { "text":"Buffer Overflow vulnerability in HDFGroup hdf5-h5dump 1.12.0 through 1.13.0 allows attackers to cause a denial of service via h5tools_str_sprint in /hdf5/tools/lib/h5tools_str.c.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-20.03-LTS-SP1:hdf5-1.12.1-2.oe1.aarch64", "openEuler-20.03-LTS-SP1:hdf5-devel-1.12.1-2.oe1.aarch64", "openEuler-20.03-LTS-SP1:hdf5-debugsource-1.12.1-2.oe1.aarch64", "openEuler-20.03-LTS-SP1:hdf5-debuginfo-1.12.1-2.oe1.aarch64", "openEuler-20.03-LTS-SP1:hdf5-1.12.1-2.oe1.src", "openEuler-20.03-LTS-SP1:hdf5-devel-1.12.1-2.oe1.x86_64", "openEuler-20.03-LTS-SP1:hdf5-debuginfo-1.12.1-2.oe1.x86_64", "openEuler-20.03-LTS-SP1:hdf5-1.12.1-2.oe1.x86_64", "openEuler-20.03-LTS-SP1:hdf5-debugsource-1.12.1-2.oe1.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-20.03-LTS-SP1:hdf5-1.12.1-2.oe1.aarch64", "openEuler-20.03-LTS-SP1:hdf5-devel-1.12.1-2.oe1.aarch64", "openEuler-20.03-LTS-SP1:hdf5-debugsource-1.12.1-2.oe1.aarch64", "openEuler-20.03-LTS-SP1:hdf5-debuginfo-1.12.1-2.oe1.aarch64", "openEuler-20.03-LTS-SP1:hdf5-1.12.1-2.oe1.src", "openEuler-20.03-LTS-SP1:hdf5-devel-1.12.1-2.oe1.x86_64", "openEuler-20.03-LTS-SP1:hdf5-debuginfo-1.12.1-2.oe1.x86_64", "openEuler-20.03-LTS-SP1:hdf5-1.12.1-2.oe1.x86_64", "openEuler-20.03-LTS-SP1:hdf5-debugsource-1.12.1-2.oe1.x86_64" ], "details":"hdf5 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1328" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.5, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-20.03-LTS-SP1:hdf5-1.12.1-2.oe1.aarch64", "openEuler-20.03-LTS-SP1:hdf5-devel-1.12.1-2.oe1.aarch64", "openEuler-20.03-LTS-SP1:hdf5-debugsource-1.12.1-2.oe1.aarch64", "openEuler-20.03-LTS-SP1:hdf5-debuginfo-1.12.1-2.oe1.aarch64", "openEuler-20.03-LTS-SP1:hdf5-1.12.1-2.oe1.src", "openEuler-20.03-LTS-SP1:hdf5-devel-1.12.1-2.oe1.x86_64", "openEuler-20.03-LTS-SP1:hdf5-debuginfo-1.12.1-2.oe1.x86_64", "openEuler-20.03-LTS-SP1:hdf5-1.12.1-2.oe1.x86_64", "openEuler-20.03-LTS-SP1:hdf5-debugsource-1.12.1-2.oe1.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2021-37501" } ] }