CVE-2018-11206

moderate-risk

Published 2018-05-16

An out of bounds read was discovered in H5O_fill_new_decode and H5O_fill_old_decode in H5Ofill.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack.

Do I need to act?

0.77% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.1/10 High

NETWORK / LOW complexity

Affected Products (1)

Hdf5

Affected Vendors

Hdfgroup

References (6)

Third Party Advisory https://github.com/TeamSeri0us/pocs/blob/master/hdf5/README2.md

Exploit https://github.com/Twi1ight/fuzzing-pocs/tree/master/hdf5

https://lists.debian.org/debian-lts-announce/2023/08/msg00009.html

Third Party Advisory https://github.com/TeamSeri0us/pocs/blob/master/hdf5/README2.md

Exploit https://github.com/Twi1ight/fuzzing-pocs/tree/master/hdf5

https://lists.debian.org/debian-lts-announce/2023/08/msg00009.html

/ 100

moderate-risk

Severity 28/34 · Critical

Exploitability 3/34 · Minimal

Exposure 5/34 · Minimal