FKIE_CVE-2016-4332

Vulnerability from fkie_nvd - Published: 2016-11-18 20:59 - Updated: 2025-04-12 10:46
Severity ?
8.6 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Summary
The library's failure to check if certain message types support a particular flag, the HDF5 1.8.16 library will cast the structure to an alternative structure and then assign to fields that aren't supported by the message type and the library will write outside the bounds of the heap buffer. This can lead to code execution under the context of the library.
References
cret@cert.orghttp://www.debian.org/security/2016/dsa-3727
cret@cert.orghttp://www.securityfocus.com/bid/94417
cret@cert.orghttp://www.talosintelligence.com/reports/TALOS-2016-0178/Exploit, Technical Description, Third Party Advisory
cret@cert.orghttps://security.gentoo.org/glsa/201701-13
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2016/dsa-3727
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/94417
af854a3a-2127-422b-91ae-364da2661108http://www.talosintelligence.com/reports/TALOS-2016-0178/Exploit, Technical Description, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201701-13
Impacted products
Vendor Product Version
hdfgroup hdf5 1.8.16
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hdfgroup:hdf5:1.8.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "917A1D77-B6E2-48F6-B9FF-04A1D1646529",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The library\u0027s failure to check if certain message types support a particular flag, the HDF5 1.8.16 library will cast the structure to an alternative structure and then assign to fields that aren\u0027t supported by the message type and the library will write outside the bounds of the heap buffer. This can lead to code execution under the context of the library."
    },
    {
      "lang": "es",
      "value": "El fallo de la librer\u00eda para comprobar si ciertos tipos de mensajes soportan un indicador particular, la librer\u00eda HDF5 1.8.16 emitir\u00e1 la estructura para una estructura alternativa y asignara a los campos que no son admitidos por este tipo de mensaje y la librer\u00eda escribir\u00e1 fuera de los l\u00edmites de b\u00fafer de la memoria din\u00e1mica. Esto puede conducir\u00e1 a la ejecuci\u00f3n de c\u00f3digo bajo el contexto de la librer\u00eda."
    }
  ],
  "id": "CVE-2016-4332",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.9,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 8.6,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-11-18T20:59:03.693",
  "references": [
    {
      "source": "cret@cert.org",
      "url": "http://www.debian.org/security/2016/dsa-3727"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.securityfocus.com/bid/94417"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Exploit",
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "http://www.talosintelligence.com/reports/TALOS-2016-0178/"
    },
    {
      "source": "cret@cert.org",
      "url": "https://security.gentoo.org/glsa/201701-13"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2016/dsa-3727"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/94417"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "http://www.talosintelligence.com/reports/TALOS-2016-0178/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201701-13"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.