Bug 1107069 (CVE-2018-16438) - VUL-1: CVE-2018-16438: hdf5: out of bounds read in H5L_extern_query at H5Lexternal.c
Summary: VUL-1: CVE-2018-16438: hdf5: out of bounds read in H5L_extern_query at H5Lext...
Status: RESOLVED FIXED
Alias: CVE-2018-16438
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P4 - Low : Minor
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/213709/
Whiteboard: CVSSv3:SUSE:CVE-2018-16438:2.8:(AV:L/...
Keywords:
Depends on:
Blocks: 1101742
  Show dependency treegraph
 
Reported: 2018-09-04 11:19 UTC by Marcus Meissner
Modified: 2024-07-19 12:41 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2018-09-04 11:19:07 UTC 
CVE-2018-16438

An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of
bounds read in H5L_extern_query at H5Lexternal.c.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16438
https://github.com/TeamSeri0us/pocs/tree/master/hdf5/h5stat
Comment 2 Egbert Eich 2022-05-05 10:42:02 UTC 
No upstream fix is available, yet.
Comment 3 Egbert Eich 2022-09-08 08:06:19 UTC 
SEGV during NULL pointer read:

 Program received signal SIGSEGV, Segmentation fault.
 0x00007ffff6604880 in H5L_extern_query (link_name=<optimized out>, _udata=0x0, 
     udata_size=0, buf=0x0, buf_size=0) at H5Lexternal.c:515
 515       if(((*udata >> 4) & 0x0F) != H5L_EXT_VERSION)
 (gdb) x/i $pc
 => 0x7ffff6604880 <H5L_extern_query+140>:     movzbl (%rsi),%eax
 (gdb) i r
 rsi            0x0                 0
 (gdb) p udata
 $1 = (const uint8_t *) 0x0
Comment 6 Swamp Workflow Management 2022-11-01 14:20:32 UTC 
SUSE-SU-2022:3824-1: An update that fixes 11 vulnerabilities is now available.

Category: security (important)
Bug References: 1093663,1101475,1101906,1107069,1111598,1125882,1167400,1194366,1194375,1195212,1195215
CVE References: CVE-2018-11205,CVE-2018-13867,CVE-2018-14031,CVE-2018-16438,CVE-2018-17439,CVE-2019-8396,CVE-2020-10812,CVE-2021-45830,CVE-2021-45833,CVE-2021-46242,CVE-2021-46244
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for HPC 12 (src):    hdf5_1_10_8-gnu-hpc-1.10.8-3.15.1, hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-3.15.1, hdf5_1_10_8-gnu-openmpi1-hpc-1.10.8-3.15.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 7 Swamp Workflow Management 2022-11-01 14:22:41 UTC 
SUSE-SU-2022:3826-1: An update that fixes 11 vulnerabilities is now available.

Category: security (important)
Bug References: 1093663,1101475,1101906,1107069,1111598,1125882,1167400,1194366,1194375,1195212,1195215
CVE References: CVE-2018-11205,CVE-2018-13867,CVE-2018-14031,CVE-2018-16438,CVE-2018-17439,CVE-2019-8396,CVE-2020-10812,CVE-2021-45830,CVE-2021-45833,CVE-2021-46242,CVE-2021-46244
JIRA References: 
Sources used:
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    hdf5_1_10_8-gnu-hpc-1.10.8-150200.8.7.1, hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150200.8.7.1, hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150200.8.7.1, hdf5_1_10_8-gnu-openmpi2-hpc-1.10.8-150200.8.7.1, hdf5_1_10_8-gnu-openmpi3-hpc-1.10.8-150200.8.7.1
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src):    hdf5_1_10_8-gnu-hpc-1.10.8-150200.8.7.1, hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150200.8.7.1, hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150200.8.7.1, hdf5_1_10_8-gnu-openmpi2-hpc-1.10.8-150200.8.7.1, hdf5_1_10_8-gnu-openmpi3-hpc-1.10.8-150200.8.7.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 8 Swamp Workflow Management 2022-11-01 14:25:58 UTC 
SUSE-SU-2022:3825-1: An update that fixes 11 vulnerabilities is now available.

Category: security (important)
Bug References: 1093663,1101475,1101906,1107069,1111598,1125882,1167400,1194366,1194375,1195212,1195215
CVE References: CVE-2018-11205,CVE-2018-13867,CVE-2018-14031,CVE-2018-16438,CVE-2018-17439,CVE-2019-8396,CVE-2020-10812,CVE-2021-45830,CVE-2021-45833,CVE-2021-46242,CVE-2021-46244
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (src):    hdf5_1_10_8-gnu-hpc-1.10.8-150400.3.3.1, hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150400.3.3.1, hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150400.3.3.1, hdf5_1_10_8-gnu-openmpi3-hpc-1.10.8-150400.3.3.1, hdf5_1_10_8-gnu-openmpi4-hpc-1.10.8-150400.3.3.1
SUSE Linux Enterprise Module for HPC 15-SP4 (src):    hdf5_1_10_8-gnu-hpc-1.10.8-150400.3.3.1, hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150400.3.3.1, hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150400.3.3.1, hdf5_1_10_8-gnu-openmpi3-hpc-1.10.8-150400.3.3.1, hdf5_1_10_8-gnu-openmpi4-hpc-1.10.8-150400.3.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 9 Swamp Workflow Management 2022-11-01 14:28:50 UTC 
SUSE-SU-2022:3827-1: An update that fixes 11 vulnerabilities is now available.

Category: security (important)
Bug References: 1093663,1101475,1101906,1107069,1111598,1125882,1167400,1194366,1194375,1195212,1195215
CVE References: CVE-2018-11205,CVE-2018-13867,CVE-2018-14031,CVE-2018-16438,CVE-2018-17439,CVE-2019-8396,CVE-2020-10812,CVE-2021-45830,CVE-2021-45833,CVE-2021-46242,CVE-2021-46244
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    hdf5_1_10_8-gnu-hpc-1.10.8-150100.7.7.1, hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.7.1, hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.7.1, hdf5_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.7.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    hdf5_1_10_8-gnu-hpc-1.10.8-150100.7.7.1, hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.7.1, hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.7.1, hdf5_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.7.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    hdf5_1_10_8-gnu-hpc-1.10.8-150100.7.7.1, hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.7.1, hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.7.1, hdf5_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.7.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 10 Swamp Workflow Management 2022-11-01 14:32:30 UTC 
SUSE-SU-2022:3829-1: An update that fixes 11 vulnerabilities is now available.

Category: security (important)
Bug References: 1093663,1101475,1101906,1107069,1111598,1125882,1167400,1194366,1194375,1195212,1195215
CVE References: CVE-2018-11205,CVE-2018-13867,CVE-2018-14031,CVE-2018-16438,CVE-2018-17439,CVE-2019-8396,CVE-2020-10812,CVE-2021-45830,CVE-2021-45833,CVE-2021-46242,CVE-2021-46244
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    hdf5_1_10_8-gnu-hpc-1.10.8-150300.4.6.1, hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.6.1, hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.6.1, hdf5_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.6.1, hdf5_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.6.1
openSUSE Leap 15.3 (src):    hdf5_1_10_8-gnu-hpc-1.10.8-150300.4.6.1, hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.6.1, hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.6.1, hdf5_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.6.1, hdf5_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.6.1
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (src):    hdf5_1_10_8-gnu-hpc-1.10.8-150300.4.6.1, hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.6.1, hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.6.1, hdf5_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.6.1, hdf5_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.6.1
SUSE Linux Enterprise Module for HPC 15-SP3 (src):    hdf5_1_10_8-gnu-hpc-1.10.8-150300.4.6.1, hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.6.1, hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.6.1, hdf5_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.6.1, hdf5_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.6.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 11 Swamp Workflow Management 2022-11-01 14:34:00 UTC 
SUSE-SU-2022:3828-1: An update that fixes 11 vulnerabilities is now available.

Category: security (important)
Bug References: 1093663,1101475,1101906,1107069,1111598,1125882,1167400,1194366,1194375,1195212,1195215
CVE References: CVE-2018-11205,CVE-2018-13867,CVE-2018-14031,CVE-2018-16438,CVE-2018-17439,CVE-2019-8396,CVE-2020-10812,CVE-2021-45830,CVE-2021-45833,CVE-2021-46242,CVE-2021-46244
JIRA References: 
Sources used:
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    hdf5_1_10_8-gnu-hpc-1.10.8-150000.8.7.1, hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150000.8.7.1, hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150000.8.7.1, hdf5_1_10_8-gnu-openmpi2-hpc-1.10.8-150000.8.7.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    hdf5_1_10_8-gnu-hpc-1.10.8-150000.8.7.1, hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150000.8.7.1, hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150000.8.7.1, hdf5_1_10_8-gnu-openmpi2-hpc-1.10.8-150000.8.7.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 12 Andrea Mattiazzo 2024-07-19 12:41:41 UTC 
All done, closing.