Bug 1109564 – VUL-0: CVE-2018-17432: hdf5: A NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file.

Bug 1109564 - (CVE-2018-17432) VUL-0: CVE-2018-17432: hdf5: A NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file.

(CVE-2018-17432)
Summary:	VUL-0: CVE-2018-17432: hdf5: A NULL pointer dereference in H5O_sdspace_encode...

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assigned To:	HPC Issue Tracker
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/215497/
Whiteboard:	CVSSv3:SUSE:CVE-2018-17432:6.5:(AV:N...
Keywords:

Depends on:
Blocks:	1101742
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2018-09-25 06:46 UTC by Alexander Bergmann
Modified:	2022-09-05 13:51 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alexander Bergmann 2018-09-25 06:46:25 UTC

CVE-2018-17432

A NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c in the HDF
HDF5 through 1.10.3 library allows attackers to cause a denial of service via a
crafted HDF5 file.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17432
http://www.cvedetails.com/cve/CVE-2018-17432/
https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln6#null-pointer-dereference-in-h5o_sdspace_encode

Comment 2 OBSbugzilla Bot 2022-05-04 12:40:12 UTC

This is an autogenerated message for OBS integration:
This bug (1109564) was mentioned in
https://build.opensuse.org/request/show/974903 Factory / hdf5

Comment 3 Egbert Eich 2022-05-05 10:40:12 UTC

This issue has been fixed in 1.10.8.

Comment 8 Swamp Workflow Management 2022-06-01 13:18:11 UTC

SUSE-SU-2022:1903-1: An update that solves 27 vulnerabilities, contains four features and has 5 fixes is now available.

Category: security (important)
Bug References: 1072087,1072090,1072108,1072111,1093641,1093649,1093653,1093655,1093657,1101471,1101474,1101493,1101495,1102175,1109166,1109167,1109168,1109564,1109565,1109566,1109567,1109568,1109569,1109570,1134298,1167401,1167404,1167405,1169793,1174439,1179521,1196682
CVE References: CVE-2017-17505,CVE-2017-17506,CVE-2017-17508,CVE-2017-17509,CVE-2018-11202,CVE-2018-11203,CVE-2018-11204,CVE-2018-11206,CVE-2018-11207,CVE-2018-13869,CVE-2018-13870,CVE-2018-14032,CVE-2018-14033,CVE-2018-14460,CVE-2018-17233,CVE-2018-17234,CVE-2018-17237,CVE-2018-17432,CVE-2018-17433,CVE-2018-17434,CVE-2018-17435,CVE-2018-17436,CVE-2018-17437,CVE-2018-17438,CVE-2020-10809,CVE-2020-10810,CVE-2020-10811
JIRA References: SLE-7766,SLE-7773,SLE-8501,SLE-8604
Sources used:
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    hdf5_1_10_8-gnu-hpc-1.10.8-150100.7.4.3, hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.4.3, hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.4.3, hdf5_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.4.3
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    hdf5_1_10_8-gnu-hpc-1.10.8-150100.7.4.3, hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.4.3, hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.4.3, hdf5_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.4.3

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 9 Swamp Workflow Management 2022-06-01 19:19:30 UTC

SUSE-SU-2022:1910-1: An update that solves 27 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 1072087,1072090,1072108,1072111,1093641,1093649,1093653,1093655,1093657,1101471,1101474,1101493,1101495,1102175,1109166,1109167,1109168,1109564,1109565,1109566,1109567,1109568,1109569,1109570,1167401,1167404,1167405,1174439,1179521,1196682
CVE References: CVE-2017-17505,CVE-2017-17506,CVE-2017-17508,CVE-2017-17509,CVE-2018-11202,CVE-2018-11203,CVE-2018-11204,CVE-2018-11206,CVE-2018-11207,CVE-2018-13869,CVE-2018-13870,CVE-2018-14032,CVE-2018-14033,CVE-2018-14460,CVE-2018-17233,CVE-2018-17234,CVE-2018-17237,CVE-2018-17432,CVE-2018-17433,CVE-2018-17434,CVE-2018-17435,CVE-2018-17436,CVE-2018-17437,CVE-2018-17438,CVE-2020-10809,CVE-2020-10810,CVE-2020-10811
JIRA References: 
Sources used:
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    hdf5_1_10_8-gnu-hpc-1.10.8-150200.8.4.2, hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150200.8.4.3, hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150200.8.4.2, hdf5_1_10_8-gnu-openmpi2-hpc-1.10.8-150200.8.4.2, hdf5_1_10_8-gnu-openmpi3-hpc-1.10.8-150200.8.4.2
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src):    hdf5_1_10_8-gnu-hpc-1.10.8-150200.8.4.2, hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150200.8.4.3, hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150200.8.4.2, hdf5_1_10_8-gnu-openmpi2-hpc-1.10.8-150200.8.4.2, hdf5_1_10_8-gnu-openmpi3-hpc-1.10.8-150200.8.4.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 10 Swamp Workflow Management 2022-06-02 13:17:49 UTC

SUSE-SU-2022:1912-1: An update that solves 15 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1093657,1101471,1101474,1102175,1109167,1109168,1109564,1109565,1109566,1109568,1109569,1109570,1167401,1167404,1167405,1179521,1196682
CVE References: CVE-2018-11206,CVE-2018-14032,CVE-2018-14033,CVE-2018-14460,CVE-2018-17234,CVE-2018-17237,CVE-2018-17432,CVE-2018-17433,CVE-2018-17434,CVE-2018-17436,CVE-2018-17437,CVE-2018-17438,CVE-2020-10809,CVE-2020-10810,CVE-2020-10811
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    hdf5_1_10_8-gnu-hpc-1.10.8-150300.4.3.1, hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.3.2, hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.3.1, hdf5_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.3.2, hdf5_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.3.2
openSUSE Leap 15.3 (src):    hdf5_1_10_8-gnu-hpc-1.10.8-150300.4.3.1, hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.3.2, hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.3.1, hdf5_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.3.2, hdf5_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.3.2
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (src):    hdf5_1_10_8-gnu-hpc-1.10.8-150300.4.3.1, hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.3.2, hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.3.1, hdf5_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.3.2, hdf5_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.3.2
SUSE Linux Enterprise Module for HPC 15-SP3 (src):    hdf5_1_10_8-gnu-hpc-1.10.8-150300.4.3.1, hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.3.2, hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.3.1, hdf5_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.3.2, hdf5_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.3.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 11 Swamp Workflow Management 2022-06-02 13:20:43 UTC

SUSE-SU-2022:1911-1: An update that solves 27 vulnerabilities, contains four features and has 8 fixes is now available.

Category: security (important)
Bug References: 1072087,1072090,1072108,1072111,1093641,1093649,1093653,1093655,1093657,1101471,1101474,1101493,1101495,1102175,1109166,1109167,1109168,1109564,1109565,1109566,1109567,1109568,1109569,1109570,1116458,1124509,1133222,1134298,1167401,1167404,1167405,1169793,1174439,1179521,1196682
CVE References: CVE-2017-17505,CVE-2017-17506,CVE-2017-17508,CVE-2017-17509,CVE-2018-11202,CVE-2018-11203,CVE-2018-11204,CVE-2018-11206,CVE-2018-11207,CVE-2018-13869,CVE-2018-13870,CVE-2018-14032,CVE-2018-14033,CVE-2018-14460,CVE-2018-17233,CVE-2018-17234,CVE-2018-17237,CVE-2018-17432,CVE-2018-17433,CVE-2018-17434,CVE-2018-17435,CVE-2018-17436,CVE-2018-17437,CVE-2018-17438,CVE-2020-10809,CVE-2020-10810,CVE-2020-10811
JIRA References: SLE-7766,SLE-7773,SLE-8501,SLE-8604
Sources used:
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    hdf5_1_10_8-gnu-hpc-1.10.8-150000.8.4.3, hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150000.8.4.3, hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150000.8.4.3, hdf5_1_10_8-gnu-openmpi2-hpc-1.10.8-150000.8.4.3, suse-hpc-0.5.20220206.0c6b168-150000.11.3.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    hdf5_1_10_8-gnu-hpc-1.10.8-150000.8.4.3, hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150000.8.4.3, hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150000.8.4.3, hdf5_1_10_8-gnu-openmpi2-hpc-1.10.8-150000.8.4.3, suse-hpc-0.5.20220206.0c6b168-150000.11.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 12 Swamp Workflow Management 2022-06-03 13:18:15 UTC

SUSE-SU-2022:1933-1: An update that solves 27 vulnerabilities, contains four features and has 17 fixes is now available.

Category: security (important)
Bug References: 1058563,1072087,1072090,1072108,1072111,1080022,1080259,1080426,1080442,1082209,1084951,1088547,1091237,1093641,1093649,1093653,1093655,1093657,1101471,1101474,1101493,1101495,1102175,1109166,1109167,1109168,1109564,1109565,1109566,1109567,1109568,1109569,1109570,1116458,1124509,1133222,1134298,1167401,1167404,1167405,1169793,1174439,1179521,1196682
CVE References: CVE-2017-17505,CVE-2017-17506,CVE-2017-17508,CVE-2017-17509,CVE-2018-11202,CVE-2018-11203,CVE-2018-11204,CVE-2018-11206,CVE-2018-11207,CVE-2018-13869,CVE-2018-13870,CVE-2018-14032,CVE-2018-14033,CVE-2018-14460,CVE-2018-17233,CVE-2018-17234,CVE-2018-17237,CVE-2018-17432,CVE-2018-17433,CVE-2018-17434,CVE-2018-17435,CVE-2018-17436,CVE-2018-17437,CVE-2018-17438,CVE-2020-10809,CVE-2020-10810,CVE-2020-10811
JIRA References: SLE-7766,SLE-7773,SLE-8501,SLE-8604
Sources used:
SUSE Linux Enterprise Module for HPC 12 (src):    hdf5_1_10_8-gnu-hpc-1.10.8-3.12.2, hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-3.12.2, hdf5_1_10_8-gnu-openmpi1-hpc-1.10.8-3.12.2, suse-hpc-0.5.20220206.0c6b168-5.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 13 Egbert Eich 2022-09-05 13:51:51 UTC

This accesses a NULL pointer for reading:
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff66b5aea in H5O_sdspace_encode (_mesg=<optimized out>, 
    p=0x612000027968 "", f=<optimized out>) at H5Osdspace.c:272
272	            H5F_ENCODE_LENGTH(f, p, sdim->size[u]);
(gdb)  x/i $pc
=> 0x7ffff66b5aea <H5O_sdspace_shared_encode+1665>:	mov    (%rax),%rdx
(gdb) i r
rax            0x0                 0

Unlikely to be exploitable.

Fix released.