add CVE-2018-13870.

2023-11-09 09:52:40 +08:00 · 2023-11-09 09:52:40 +08:00 · 3d55f0d55d
parent cd325fa330
commit 3d55f0d55d
4 changed files with 23 additions and 0 deletions
--- a/cve/hdf5/2018/CVE-2018-13870/H5O_link_decode-heap-buffer-overflow
+++ b/cve/hdf5/2018/CVE-2018-13870/H5O_link_decode-heap-buffer-overflow
--- a/cve/hdf5/2018/CVE-2018-13870/README.md
+++ b/cve/hdf5/2018/CVE-2018-13870/README.md
@ -0,0 +1,3 @@
+h5dump H5O_link_decode-heap-buffer-overflow
+
+段错误 (核心已转储)
--- a/cve/hdf5/2018/yaml/CVE-2018-13870.yaml
+++ b/cve/hdf5/2018/yaml/CVE-2018-13870.yaml
@ -0,0 +1,19 @@
+id: CVE-2018-13870
+source: https://github.com/TeamSeri0us/pocs/tree/master/hdf5
+info:
+  name: HDF5是一套免费的用于管理存储不同类型数据的工具套件，它能够管理、操作、查看、分析数据，并生成可移植格式的文件。
+  severity: high
+  description: |
+    HDF5 1.8.20版本中的H5Olink.c文件的‘H5O_link_decode’函数存在安全漏洞。攻击者可通过诱使用户打开特制的文件利用该漏洞造成应用程序崩溃（越界读取）。
+  scope-of-influence:
+    hdf5:1.8.20
+  reference:
+    - https://nvd.nist.gov/vuln/detail/CVE-2018-13870
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.8
+    cve-id: CVE-2018-13870
+    cwe-id: CWE-125
+    cnvd-id: None
+    kve-id: None
+  tags: CVE2018, hdf5
--- a/openkylin_list.yaml
+++ b/openkylin_list.yaml
@ -91,6 +91,7 @@ cve:
    - CVE-2023-1355
  hdf5:
    - CVE-2018-13867
+    - CVE-2018-13870
 cnvd:
  
 kve: