CVE-2018-17233 Information

Feb 14, 2021 cve

Description

A SIGFPE signal is raised in the function H5D__create_chunk_file_map_hyper() of H5Dchunk.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file because of incorrect protection against division by zero. It could allow a remote denial of service attack.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Reference

https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln2divided-by-zero—h5d__create_chunk_file_map_hyper_div_zero

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

6.5

Share on: