一、漏洞信息

漏洞编号：[CVE-2020-10809](https://nvd.nist.gov/vuln/detail/CVE-2020-10809)

漏洞归属组件：hdf5

CVSS V3.0分值：

BaseScore：5.5 Medium

Vector：CVSS：3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

漏洞简述：

An issue was discovered in HDF5 through 1.12.0. A heap-based buffer overflow exists in the function Decompress() located in decompress.c. It can be triggered by sending a crafted file to the gif2h5 binary. It allows an attacker to cause Denial of Service.

漏洞公开时间：2020-03-23 02:15

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2020-10809

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/doc/md/manual.md

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

一、漏洞信息

漏洞编号：[CVE-2020-10809](https://nvd.nist.gov/vuln/detail/CVE-2020-10809)

漏洞归属组件：hdf5

CVSS V3.0分值：

BaseScore：5.5 Medium

Vector：CVSS：3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

漏洞简述：

An issue was discovered in HDF5 through 1.12.0. A heap-based buffer overflow exists in the function Decompress() located in decompress.c. It can be triggered by sending a crafted file to the gif2h5 binary. It allows an attacker to cause Denial of Service.

漏洞公开时间：2020-03-23 02:15

漏洞创建时间：2021-09-26 18:11:56

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2020-10809

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/doc/md/manual.md

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

5.5

Vector：CVSS：3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

受影响版本排查(受影响/不受影响)：

1.openEuler-20.03-LTS(1.8.20):

2.openEuler-20.03-LTS-SP1(1.8.20):

3.openEuler-20.03-LTS-SP2(1.8.20):

修复是否涉及abi变化(是/否)：

1.openEuler-20.03-LTS(1.8.20):

2.openEuler-20.03-LTS-SP1(1.8.20):

3.openEuler-20.03-LTS-SP2(1.8.20):

一、漏洞信息

漏洞编号：[CVE-2020-10809](https://nvd.nist.gov/vuln/detail/CVE-2020-10809)

漏洞归属的版本：1.8.20

CVSS V3.0分值：

BaseScore：5.5 Medium

Vector：CVSS：3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

漏洞简述：

An issue was discovered in HDF5 through 1.12.0. A heap-based buffer overflow exists in the function Decompress() located in decompress.c. It can be triggered by sending a crafted file to the gif2h5 binary. It allows an attacker to cause Denial of Service.

漏洞公开时间：2020-03-23 02:15

漏洞创建时间：2021-09-26 18:11:56

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2020-10809

一、漏洞信息

漏洞编号：[CVE-2020-10809](https://nvd.nist.gov/vuln/detail/CVE-2020-10809)

漏洞归属组件：[hdf5](https://gitee.com/src-openeuler/hdf5)

漏洞归属的版本：1.8.20

CVSS V3.0分值：

BaseScore：5.5 Medium

Vector：CVSS：3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

漏洞简述：

An issue was discovered in HDF5 through 1.12.0. A heap-based buffer overflow exists in the function Decompress() located in decompress.c. It can be triggered by sending a crafted file to the gif2h5 binary. It allows an attacker to cause Denial of Service.

漏洞公开时间：2020-03-23 02:15

漏洞创建时间：2021-09-26 18:11:56

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2020-10809

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| | | |

| NVD | https://nvd.nist.gov/vuln/detail/CVE-2020-10809 | |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

5.5

Vector：CVSS：3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

受影响版本排查(受影响/不受影响)：

1.openEuler-20.03-LTS-SP1(1.12.1):受影响

2.openEuler-20.03-LTS-SP3(1.12.1):受影响

3.openEuler-20.03-LTS-SP4:受影响

4.openEuler-22.03-LTS-SP1(1.12.1):受影响

5.openEuler-22.03-LTS-SP2(1.12.1):受影响

6.openEuler-22.03-LTS-SP3:受影响

7.openEuler-22.03-LTS(1.10.8):不受影响

修复是否涉及abi变化(是/否)：

1.openEuler-20.03-LTS-SP1(1.12.1):否

2.openEuler-20.03-LTS-SP3(1.12.1):否

3.openEuler-20.03-LTS-SP4:否

4.openEuler-22.03-LTS(1.10.8):否

5.openEuler-22.03-LTS-SP1(1.12.1):否

6.openEuler-22.03-LTS-SP2(1.12.1):否

7.openEuler-22.03-LTS-SP3:否

一、漏洞信息

漏洞编号：[CVE-2020-10809](https://nvd.nist.gov/vuln/detail/CVE-2020-10809)

漏洞归属组件：[hdf5](https://gitee.com/src-openeuler/hdf5)

漏洞归属的版本：1.8.20

CVSS V3.0分值：

BaseScore：5.5 Medium

Vector：CVSS：3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

漏洞简述：

An issue was discovered in HDF5 through 1.12.0. A heap-based buffer overflow exists in the function Decompress() located in decompress.c. It can be triggered by sending a crafted file to the gif2h5 binary. It allows an attacker to cause Denial of Service.

漏洞公开时间：2020-03-23 02:15

漏洞创建时间：2021-09-26 18:11:56

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2020-10809

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| | | |

| NVD | https://nvd.nist.gov/vuln/detail/CVE-2020-10809 | |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

5.5

Vector：CVSS：3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

受影响版本排查(受影响/不受影响)：

1.openEuler-20.03-LTS-SP1(1.12.1):受影响

2.openEuler-20.03-LTS-SP3(1.12.1):受影响

3.openEuler-20.03-LTS-SP4:受影响

4.openEuler-22.03-LTS-SP1(1.12.1):受影响

5.openEuler-22.03-LTS-SP2(1.12.1):受影响

6.openEuler-22.03-LTS-SP3:受影响

7.openEuler-22.03-LTS(1.10.8):不受影响

修复是否涉及abi变化(是/否)：

1.openEuler-20.03-LTS-SP1(1.12.1):否

2.openEuler-20.03-LTS-SP3(1.12.1):否

3.openEuler-20.03-LTS-SP4:否

4.openEuler-22.03-LTS(1.10.8):否

5.openEuler-22.03-LTS-SP1(1.12.1):否

6.openEuler-22.03-LTS-SP2(1.12.1):否

7.openEuler-22.03-LTS-SP3:否

一、漏洞信息

漏洞编号：[CVE-2020-10809](https://nvd.nist.gov/vuln/detail/CVE-2020-10809)

漏洞归属组件：[hdf5](https://gitee.com/src-openeuler/hdf5)

漏洞归属的版本：1.8.20

CVSS V3.0分值：

BaseScore：5.5 Medium

Vector：CVSS：3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

漏洞简述：

An issue was discovered in HDF5 through 1.12.0. A heap-based buffer overflow exists in the function Decompress() located in decompress.c. It can be triggered by sending a crafted file to the gif2h5 binary. It allows an attacker to cause Denial of Service.

漏洞公开时间：2020-03-23 02:15

漏洞创建时间：2021-09-26 18:11:56

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2020-10809

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| | | |

| NVD | https://nvd.nist.gov/vuln/detail/CVE-2020-10809 | |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

An issue was discovered in HDF5 through 1.12.0. A heap-based buffer overflow exists in the function Decompress() located in decompress.c. It can be triggered by sending a crafted file to the gif2h5 binary. It allows an attacker to cause Denial of Service.

openEuler评分：

5.5

Vector：CVSS：3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

受影响版本排查(受影响/不受影响)：

1.openEuler-20.03-LTS-SP1(1.12.1):受影响

2.openEuler-20.03-LTS-SP3(1.12.1):受影响

3.openEuler-20.03-LTS-SP4:受影响

4.openEuler-22.03-LTS-SP1(1.12.1):受影响

5.openEuler-22.03-LTS-SP2(1.12.1):受影响

6.openEuler-22.03-LTS-SP3:受影响

一、漏洞信息

漏洞编号：[CVE-2020-10809](https://nvd.nist.gov/vuln/detail/CVE-2020-10809)

漏洞归属组件：[hdf5](https://gitee.com/src-openeuler/hdf5)

漏洞归属的版本：1.8.20

CVSS V3.0分值：

BaseScore：5.5 Medium

Vector：CVSS：3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

漏洞简述：

An issue was discovered in HDF5 through 1.12.0. A heap-based buffer overflow exists in the function Decompress() located in decompress.c. It can be triggered by sending a crafted file to the gif2h5 binary. It allows an attacker to cause Denial of Service.

漏洞公开时间：2020-03-23 02:15

漏洞创建时间：2021-09-26 18:11:56

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2020-10809

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| | | |

| NVD | https://nvd.nist.gov/vuln/detail/CVE-2020-10809 | |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

5.5

Vector：CVSS：3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

受影响版本排查(受影响/不受影响)：

1.openEuler-20.03-LTS-SP1(1.12.1):受影响

2.openEuler-20.03-LTS-SP3(1.12.1):受影响

3.openEuler-20.03-LTS-SP4:受影响

4.openEuler-22.03-LTS-SP1(1.12.1):受影响

5.openEuler-22.03-LTS-SP2(1.12.1):受影响

6.openEuler-22.03-LTS-SP3:受影响

7.master(1.12.1):受影响

8.openEuler-22.03-LTS-Next(1.12.1):受影响

9.openEuler-22.03-LTS(1.10.8):不受影响

修复是否涉及abi变化(是/否)：

1.openEuler-20.03-LTS-SP1(1.12.1):否

2.openEuler-20.03-LTS-SP3(1.12.1):否

3.openEuler-20.03-LTS-SP4:否

4.openEuler-22.03-LTS(1.10.8):否

5.openEuler-22.03-LTS-SP1(1.12.1):否

6.openEuler-22.03-LTS-SP2(1.12.1):否

7.openEuler-22.03-LTS-SP3:否

8.master(1.12.1):否

9.openEuler-22.03-LTS-Next(1.12.1):否