CVE-2020-10811

一、漏洞信息
 漏洞编号：[CVE-2020-10811](https://nvd.nist.gov/vuln/detail/CVE-2020-10811)
 漏洞归属组件：[hdf5](https://gitee.com/src-openeuler/hdf5)
 漏洞归属的版本：1.8.20
 CVSS V3.0分值：
  BaseScore：5.5 Medium
  Vector：CVSS：3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
 漏洞简述：
  An issue was discovered in HDF5 through 1.12.0. A heap-based buffer over-read exists in the function H5O__layout_decode() located in H5Olayout.c. It allows an attacker to cause Denial of Service.
 漏洞公开时间：2020-03-23 02:15
 漏洞创建时间：2021-09-26 18:14:37
 漏洞详情参考链接：
  https://nvd.nist.gov/vuln/detail/CVE-2020-10811
<details>
<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |
| ------- | -------- | -------- |
| MISC | https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_2 |  |
| MISC | https://research.loginsoft.com/bugs/heap-buffer-overflow-in-h5olayout-c-hdf5-1-13-0/ |  |
| MISC | https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/browse/release_docs/RELEASE.txt |  |
| nvd | https://access.redhat.com/security/cve/CVE-2020-10811 |  |
| suse_bugzilla | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10811 |  |
| suse_bugzilla | https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_2 |  |
| suse_bugzilla | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10811 |  |
| suse_bugzilla | https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/browse/release_docs/RELEASE.txt |  |
| suse_bugzilla | https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_2 |  |
| redhat_bugzilla | https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_2 |  |
| redhat_bugzilla | https://research.loginsoft.com/bugs/heap-buffer-overflow-in-h5olayout-c-hdf5-1-13-0/ |  |
| ubuntu | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10811 |  |
| ubuntu | https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_2 |  |
| ubuntu | https://research.loginsoft.com/bugs/heap-buffer-overflow-in-h5olayout-c-hdf5-1-13-0/ |  |
| ubuntu | https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/browse/release_docs/RELEASE.txt |  |
| ubuntu | https://nvd.nist.gov/vuln/detail/CVE-2020-10811 |  |
| ubuntu | https://launchpad.net/bugs/cve/CVE-2020-10811 |  |
| ubuntu | https://security-tracker.debian.org/tracker/CVE-2020-10811 |  |
| debian | https://security-tracker.debian.org/tracker/CVE-2020-10811 |  |

</details>

漏洞分析指导链接：
  https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
 漏洞数据来源:
  openBrain开源漏洞感知系统
 漏洞补丁信息：
  <details>
<summary>详情(点击展开)</summary>

无
</details>

二、漏洞分析结构反馈
 影响性分析说明：
    在 HDF5 到 1.12.0 中发现了一个问题。位于 H5Olayout.c 中的函数 H5O__layout_decode() 中存在基于堆的缓冲区过度读取。它允许攻击者造成拒绝服务。 
 openEuler评分：
  5.5
 Vector：CVSS：3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
 受影响版本排查(受影响/不受影响)：
  1.openEuler-20.03-LTS-SP1(1.12.1):受影响
2.openEuler-20.03-LTS-SP3(1.12.1):受影响
3.openEuler-22.03-LTS(1.10.8):受影响
4.openEuler-22.03-LTS-SP1(1.12.1):不受影响

修复是否涉及abi变化(是/否)：
  1.openEuler-20.03-LTS-SP1(1.12.1):否
2.openEuler-20.03-LTS-SP3(1.12.1):否
3.openEuler-22.03-LTS(1.10.8):否
4.openEuler-22.03-LTS-SP1(1.12.1):否

三、漏洞修复
安全公告链接：https://www.openeuler.org/zh/security/safety-bulletin/detail/?id=openEuler-SA-2023-1328

src-openEuler/hdf5

内容风险标识

评论 (10)

src-openEuler/hdf5 .gitee-modal { width: 500px !important; }

内容风险标识

CVE-2020-10811

评论 (10)

搜索帮助

src-openEuler/hdf5