add CVE-2018-13870.

This commit is contained in:
LI, WENJIE 2023-11-09 09:52:40 +08:00
parent cd325fa330
commit 3d55f0d55d
4 changed files with 23 additions and 0 deletions

View File

@ -0,0 +1,3 @@
h5dump H5O_link_decode-heap-buffer-overflow
段错误 (核心已转储)

View File

@ -0,0 +1,19 @@
id: CVE-2018-13870
source: https://github.com/TeamSeri0us/pocs/tree/master/hdf5
info:
name: HDF5是一套免费的用于管理存储不同类型数据的工具套件它能够管理、操作、查看、分析数据并生成可移植格式的文件。
severity: high
description: |
HDF5 1.8.20版本中的H5Olink.c文件的H5O_link_decode函数存在安全漏洞。攻击者可通过诱使用户打开特制的文件利用该漏洞造成应用程序崩溃越界读取
scope-of-influence:
hdf5:1.8.20
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2018-13870
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2018-13870
cwe-id: CWE-125
cnvd-id: None
kve-id: None
tags: CVE2018, hdf5

View File

@ -91,6 +91,7 @@ cve:
- CVE-2023-1355 - CVE-2023-1355
hdf5: hdf5:
- CVE-2018-13867 - CVE-2018-13867
- CVE-2018-13870
cnvd: cnvd:
kve: kve: