CVE-2016-4333 - OpenCVE

The HDF5 1.8.16 library allocating space for the array using a value from the file has an impact within the loop for initializing said array allowing a value within the file to modify the loop's terminator. Due to this, an aggressor can cause the loop's index to point outside the bounds of the array when initializing it.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hdfgroup	Hdf5

Configuration 1 [-]

cpe:2.3:a:hdfgroup:hdf5:1.8.16:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.debian.org/security/2016/dsa-3727
http://www.securityfocus.com/bid/94416
http://www.talosintelligence.com/reports/TALOS-2016-0179/
https://nvd.nist.gov/vuln/detail/CVE-2016-4333
https://security.gentoo.org/glsa/201701-13
https://www.cve.org/CVERecord?id=CVE-2016-4333

History

No history.

MITRE

Status: PUBLISHED

Assigner: certcc

Published: 2016-11-18T20:00:00

Updated: 2024-08-06T00:25:14.453Z

Reserved: 2016-04-27T00:00:00

Link: CVE-2016-4333

Vulnrichment

No data.

NVD

Status : Modified

Published: 2016-11-18T20:59:05.193

Modified: 2017-11-04T01:29:19.990

Link: CVE-2016-4333

Redhat

Severity : Important

Publid Date: 2016-11-15T00:00:00Z

Links: CVE-2016-4333 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-11-17T00:00:00", "descriptions": [{"lang": "en", "value": "The HDF5 1.8.16 library allocating space for the array using a value from the file has an impact within the loop for initializing said array allowing a value within the file to modify the loop's terminator. Due to this, an aggressor can cause the loop's index to point outside the bounds of the array when initializing it."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-11-03T18:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0179/"}, {"name": "94416", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/94416"}, {"name": "GLSA-201701-13", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201701-13"}, {"name": "DSA-3727", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2016/dsa-3727"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2016-4333", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The HDF5 1.8.16 library allocating space for the array using a value from the file has an impact within the loop for initializing said array allowing a value within the file to modify the loop's terminator. Due to this, an aggressor can cause the loop's index to point outside the bounds of the array when initializing it."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.talosintelligence.com/reports/TALOS-2016-0179/", "refsource": "MISC", "url": "http://www.talosintelligence.com/reports/TALOS-2016-0179/"}, {"name": "94416", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94416"}, {"name": "GLSA-201701-13", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-13"}, {"name": "DSA-3727", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3727"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T00:25:14.453Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0179/"}, {"name": "94416", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/94416"}, {"name": "GLSA-201701-13", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201701-13"}, {"name": "DSA-3727", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2016/dsa-3727"}]}]}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2016-4333", "datePublished": "2016-11-18T20:00:00", "dateReserved": "2016-04-27T00:00:00", "dateUpdated": "2024-08-06T00:25:14.453Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hdfgroup:hdf5:1.8.16:*:*:*:*:*:*:*", "matchCriteriaId": "917A1D77-B6E2-48F6-B9FF-04A1D1646529", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The HDF5 1.8.16 library allocating space for the array using a value from the file has an impact within the loop for initializing said array allowing a value within the file to modify the loop's terminator. Due to this, an aggressor can cause the loop's index to point outside the bounds of the array when initializing it."}, {"lang": "es", "value": "La librer\u00eda HDF5 1.8.16 que asigna espacio para la matric usando un valor del archivo tiene un impacto dentro del bucle para la inicializar dicha matriz permitiendo un valor dentro del archivo para modificar la finalizaci\u00f3n del bucle. Debido a esto, un agresor puede provocar que el \u00edndice del bucle apunte fuera de los l\u00edmites de la matriz cuando se inicializa."}], "id": "CVE-2016-4333", "lastModified": "2017-11-04T01:29:19.990", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-11-18T20:59:05.193", "references": [{"source": "cret@cert.org", "url": "http://www.debian.org/security/2016/dsa-3727"}, {"source": "cret@cert.org", "url": "http://www.securityfocus.com/bid/94416"}, {"source": "cret@cert.org", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0179/"}, {"source": "cret@cert.org", "url": "https://security.gentoo.org/glsa/201701-13"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "hdf5: H5T_COMPOUND heap buffer overflow", "id": "1397708", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1397708"}, "csaw": false, "cvss": {"cvss_base_score": "6.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "status": "draft"}, "cvss3": {"cvss3_base_score": "8.6", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-122", "details": ["The HDF5 1.8.16 library allocating space for the array using a value from the file has an impact within the loop for initializing said array allowing a value within the file to modify the loop's terminator. Due to this, an aggressor can cause the loop's index to point outside the bounds of the array when initializing it.", "Multiple heap overflows were found in HDF5. These issues could be used to gain code execution in any program that exposes the affected functions to untrusted input. While HDF5 is shipped as a dependency, no Red Hat products are known to expose these issues in any supported use case at this time."], "name": "CVE-2016-4333", "package_state": [{"cpe": "cpe:/a:redhat:openstack:7", "fix_state": "Will not fix", "impact": "low", "package_name": "hdf5", "product_name": "Red Hat Enterprise Linux OpenStack Platform 7 (Kilo)"}, {"cpe": "cpe:/a:redhat:openshift:2", "fix_state": "Will not fix", "package_name": "hdf5", "product_name": "Red Hat OpenShift Enterprise 2"}, {"cpe": "cpe:/a:redhat:openstack:10", "fix_state": "Will not fix", "impact": "low", "package_name": "hdf5", "product_name": "Red Hat OpenStack Platform 10 (Newton)"}, {"cpe": "cpe:/a:redhat:openstack:11", "fix_state": "Not affected", "impact": "low", "package_name": "hdf5", "product_name": "Red Hat OpenStack Platform 11 (Ocata)"}, {"cpe": "cpe:/a:redhat:openstack:8", "fix_state": "Will not fix", "impact": "low", "package_name": "hdf5", "product_name": "Red Hat OpenStack Platform 8 (Liberty)"}, {"cpe": "cpe:/a:redhat:openstack:9", "fix_state": "Will not fix", "impact": "low", "package_name": "hdf5", "product_name": "Red Hat OpenStack Platform 9 (Mitaka)"}], "public_date": "2016-11-15T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-4333\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4333\nhttp://www.talosintelligence.com/reports/TALOS-2016-0179/"], "threat_severity": "Important"}