Bug 1195215 – VUL-1: CVE-2021-46244: hdf5: division by zero in HDF5 v1.13.1-1 via the function H5T__complete_copy () at /hdf5/src/H5T.c

Bug 1195215 - (CVE-2021-46244) VUL-1: CVE-2021-46244: hdf5: division by zero in HDF5 v1.13.1-1 via the function H5T__complete_copy () at /hdf5/src/H5T.c

(CVE-2021-46244)
Summary:	VUL-1: CVE-2021-46244: hdf5: division by zero in HDF5 v1.13.1-1 via the funct...

Status:	IN_PROGRESS

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P4 - Low Severity: Minor
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/321474/
Whiteboard:	CVSSv3.1:SUSE:CVE-2021-46244:3.3:(AV:...
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2022-01-27 12:53 UTC by Thomas Leroy
Modified:	2022-11-01 14:34 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Thomas Leroy 2022-01-27 12:53:58 UTC

CVE-2021-46244

A Divide By Zero vulnerability exists in HDF5 v1.13.1-1 vis the function
H5T__complete_copy () at /hdf5/src/H5T.c. This vulnerability causes an aritmetic
exception, leading to a Denial of Service (DoS).

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-46244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46244
https://github.com/HDFGroup/hdf5/issues/1327

Comment 1 Thomas Leroy 2022-01-27 12:57:43 UTC

I managed to reproduce the bug on the following codestreams:
- SUSE:SLE-15-SP1:Update    1.10.4
- SUSE:SLE-15-SP2:Update    1.10.5
- SUSE:SLE-15-SP3:Update    1.10.7
- openSUSE:Factory              1.10.7
- openSUSE:Backports:SLE-15-SP4        1.10.7
- openSUSE:Backports:SLE-15-SP3:Update 1.10.7

Comment 3 Egbert Eich 2022-05-05 10:42:33 UTC

This issue has been reported for version 1.13.1 from the 1.13 development branch. The reproducer does trigger an issue on 1.10 as well.
No upstream fix is available, yet.

Comment 4 Egbert Eich 2022-09-06 14:38:13 UTC

Program received signal SIGFPE, Arithmetic exception.
0x00007ffff7a5aeff in H5T_copy (old_dt=0x642250, method=method@entry=H5T_COPY_ALL) at H5T.c:3373
3373	                            new_dt->shared->u.compnd.memb[i].size = (old_dt->shared->u.compnd.memb[old_match].size*tmp->shared->size)/old_dt->shared->u.compnd.memb[old_match].type->shared->size;
=> 0x7ffff7a5aeff <H5T_copy+1741>:	div    %rdi
(gdb) p old_dt->shared->u.compnd.memb[old_match].type->shared->size
value has been optimized out
(gdb) i r
rdi            0x0                 0

Comment 7 Egbert Eich 2022-10-26 12:01:59 UTC

Comment 8 Swamp Workflow Management 2022-11-01 14:21:03 UTC

SUSE-SU-2022:3824-1: An update that fixes 11 vulnerabilities is now available.

Category: security (important)
Bug References: 1093663,1101475,1101906,1107069,1111598,1125882,1167400,1194366,1194375,1195212,1195215
CVE References: CVE-2018-11205,CVE-2018-13867,CVE-2018-14031,CVE-2018-16438,CVE-2018-17439,CVE-2019-8396,CVE-2020-10812,CVE-2021-45830,CVE-2021-45833,CVE-2021-46242,CVE-2021-46244
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for HPC 12 (src):    hdf5_1_10_8-gnu-hpc-1.10.8-3.15.1, hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-3.15.1, hdf5_1_10_8-gnu-openmpi1-hpc-1.10.8-3.15.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 9 Swamp Workflow Management 2022-11-01 14:23:10 UTC

SUSE-SU-2022:3826-1: An update that fixes 11 vulnerabilities is now available.

Category: security (important)
Bug References: 1093663,1101475,1101906,1107069,1111598,1125882,1167400,1194366,1194375,1195212,1195215
CVE References: CVE-2018-11205,CVE-2018-13867,CVE-2018-14031,CVE-2018-16438,CVE-2018-17439,CVE-2019-8396,CVE-2020-10812,CVE-2021-45830,CVE-2021-45833,CVE-2021-46242,CVE-2021-46244
JIRA References: 
Sources used:
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    hdf5_1_10_8-gnu-hpc-1.10.8-150200.8.7.1, hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150200.8.7.1, hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150200.8.7.1, hdf5_1_10_8-gnu-openmpi2-hpc-1.10.8-150200.8.7.1, hdf5_1_10_8-gnu-openmpi3-hpc-1.10.8-150200.8.7.1
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src):    hdf5_1_10_8-gnu-hpc-1.10.8-150200.8.7.1, hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150200.8.7.1, hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150200.8.7.1, hdf5_1_10_8-gnu-openmpi2-hpc-1.10.8-150200.8.7.1, hdf5_1_10_8-gnu-openmpi3-hpc-1.10.8-150200.8.7.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 10 Swamp Workflow Management 2022-11-01 14:26:28 UTC

SUSE-SU-2022:3825-1: An update that fixes 11 vulnerabilities is now available.

Category: security (important)
Bug References: 1093663,1101475,1101906,1107069,1111598,1125882,1167400,1194366,1194375,1195212,1195215
CVE References: CVE-2018-11205,CVE-2018-13867,CVE-2018-14031,CVE-2018-16438,CVE-2018-17439,CVE-2019-8396,CVE-2020-10812,CVE-2021-45830,CVE-2021-45833,CVE-2021-46242,CVE-2021-46244
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (src):    hdf5_1_10_8-gnu-hpc-1.10.8-150400.3.3.1, hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150400.3.3.1, hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150400.3.3.1, hdf5_1_10_8-gnu-openmpi3-hpc-1.10.8-150400.3.3.1, hdf5_1_10_8-gnu-openmpi4-hpc-1.10.8-150400.3.3.1
SUSE Linux Enterprise Module for HPC 15-SP4 (src):    hdf5_1_10_8-gnu-hpc-1.10.8-150400.3.3.1, hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150400.3.3.1, hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150400.3.3.1, hdf5_1_10_8-gnu-openmpi3-hpc-1.10.8-150400.3.3.1, hdf5_1_10_8-gnu-openmpi4-hpc-1.10.8-150400.3.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 11 Swamp Workflow Management 2022-11-01 14:29:20 UTC

SUSE-SU-2022:3827-1: An update that fixes 11 vulnerabilities is now available.

Category: security (important)
Bug References: 1093663,1101475,1101906,1107069,1111598,1125882,1167400,1194366,1194375,1195212,1195215
CVE References: CVE-2018-11205,CVE-2018-13867,CVE-2018-14031,CVE-2018-16438,CVE-2018-17439,CVE-2019-8396,CVE-2020-10812,CVE-2021-45830,CVE-2021-45833,CVE-2021-46242,CVE-2021-46244
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    hdf5_1_10_8-gnu-hpc-1.10.8-150100.7.7.1, hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.7.1, hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.7.1, hdf5_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.7.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    hdf5_1_10_8-gnu-hpc-1.10.8-150100.7.7.1, hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.7.1, hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.7.1, hdf5_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.7.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    hdf5_1_10_8-gnu-hpc-1.10.8-150100.7.7.1, hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.7.1, hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.7.1, hdf5_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.7.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 12 Swamp Workflow Management 2022-11-01 14:33:01 UTC

SUSE-SU-2022:3829-1: An update that fixes 11 vulnerabilities is now available.

Category: security (important)
Bug References: 1093663,1101475,1101906,1107069,1111598,1125882,1167400,1194366,1194375,1195212,1195215
CVE References: CVE-2018-11205,CVE-2018-13867,CVE-2018-14031,CVE-2018-16438,CVE-2018-17439,CVE-2019-8396,CVE-2020-10812,CVE-2021-45830,CVE-2021-45833,CVE-2021-46242,CVE-2021-46244
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    hdf5_1_10_8-gnu-hpc-1.10.8-150300.4.6.1, hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.6.1, hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.6.1, hdf5_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.6.1, hdf5_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.6.1
openSUSE Leap 15.3 (src):    hdf5_1_10_8-gnu-hpc-1.10.8-150300.4.6.1, hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.6.1, hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.6.1, hdf5_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.6.1, hdf5_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.6.1
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (src):    hdf5_1_10_8-gnu-hpc-1.10.8-150300.4.6.1, hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.6.1, hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.6.1, hdf5_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.6.1, hdf5_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.6.1
SUSE Linux Enterprise Module for HPC 15-SP3 (src):    hdf5_1_10_8-gnu-hpc-1.10.8-150300.4.6.1, hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.6.1, hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.6.1, hdf5_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.6.1, hdf5_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.6.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 13 Swamp Workflow Management 2022-11-01 14:34:29 UTC

SUSE-SU-2022:3828-1: An update that fixes 11 vulnerabilities is now available.

Category: security (important)
Bug References: 1093663,1101475,1101906,1107069,1111598,1125882,1167400,1194366,1194375,1195212,1195215
CVE References: CVE-2018-11205,CVE-2018-13867,CVE-2018-14031,CVE-2018-16438,CVE-2018-17439,CVE-2019-8396,CVE-2020-10812,CVE-2021-45830,CVE-2021-45833,CVE-2021-46242,CVE-2021-46244
JIRA References: 
Sources used:
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    hdf5_1_10_8-gnu-hpc-1.10.8-150000.8.7.1, hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150000.8.7.1, hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150000.8.7.1, hdf5_1_10_8-gnu-openmpi2-hpc-1.10.8-150000.8.7.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    hdf5_1_10_8-gnu-hpc-1.10.8-150000.8.7.1, hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150000.8.7.1, hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150000.8.7.1, hdf5_1_10_8-gnu-openmpi2-hpc-1.10.8-150000.8.7.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.