CVE-2016-4332

The library's failure to check if certain message types support a particular flag, the HDF5 1.8.16 library will cast the structure to an alternative structure and then assign to fields that aren't supported by the message type and the library will write outside the bounds of the heap buffer. This can lead to code execution under the context of the library.

CVSS v3.0 8.6 HIGH
CVSS v2.0 6.9 MEDIUM

8.6^/10

CVSS v3.0 : HIGH

Vector : AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Exploitability : 1.8 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

6.9^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 3.4 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.talosintelligence.com/reports/TALOS-2016-0178/	Exploit Technical Description Third Party Advisory
http://www.securityfocus.com/bid/94417
https://security.gentoo.org/glsa/201701-13
http://www.debian.org/security/2016/dsa-3727

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:hdfgroup:hdf5:1.8.16:*:*:*:*:*:*:*

Information

Published : 2016-11-18 12:59

Updated : 2017-11-03 18:29

NVD link : CVE-2016-4332

Mitre link : CVE-2016-4332

JSON object : View

CWE

CWE-20

Improper Input Validation

Advertisement

Products Affected

hdfgroup

hdf5

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.talosintelligence.com/reports/TALOS-2016-0178/", "name": "http://www.talosintelligence.com/reports/TALOS-2016-0178/", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/94417", "name": "94417", "tags": [], "refsource": "BID"}, {"url": "https://security.gentoo.org/glsa/201701-13", "name": "GLSA-201701-13", "tags": [], "refsource": "GENTOO"}, {"url": "http://www.debian.org/security/2016/dsa-3727", "name": "DSA-3727", "tags": [], "refsource": "DEBIAN"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The library's failure to check if certain message types support a particular flag, the HDF5 1.8.16 library will cast the structure to an alternative structure and then assign to fields that aren't supported by the message type and the library will write outside the bounds of the heap buffer. This can lead to code execution under the context of the library."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-20"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2016-4332", "ASSIGNER": "cert@cert.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "MEDIUM", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "baseMetricV3": {"cvssV3": {"scope": "CHANGED", "version": "3.0", "baseScore": 8.6, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.8}}, "publishedDate": "2016-11-18T20:59Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:hdfgroup:hdf5:1.8.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-11-04T01:29Z"}