Bugzilla – Bug 1207973
VUL-0: CVE-2021-37501: hdf5: buffer overflow in hdf5-h5dump 1.10.8 through 1.13.0
Last modified: 2024-06-10 08:40:04 UTC
Buffer Overflow vulnerability in HDFGroup hdf5-h5dump 1.12.0 through 1.13.0 allows attackers to cause a denial of service via h5tools_str_sprint in /hdf5/tools/lib/h5tools_str.c.
References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37501
https://github.com/ST4RF4LL/Something_Found/blob/main/HDF5_v1.13.0_h5dump_heap_overflow.md
https://github.com/HDFGroup/hdf5
https://www.cve.org/CVERecord?id=CVE-2021-37501
https://github.com/advisories/GHSA-rfgw-5vq3-wrjf
https://github.com/HDFGroup/hdf5/issues/2458
My upstream submission has not yet been reviewed. Since this is not embargoed, I will submit the fix to Factory.
This is an autogenerated message for OBS integration: This bug (1207973) was mentioned in https://build.opensuse.org/request/show/1066251 Factory / hdf5
SUSE-SU-2023:0691-1: An update that solves one vulnerability can now be installed.
Category: security (moderate)
Bug References: 1207973
CVE References: CVE-2021-37501
Sources used:
  HPC Module 12 (src): hdf5_1_10_8-gnu-openmpi1-hpc-1.10.8-3.18.1, hdf5_1_10_8-gnu-hpc-1.10.8-3.18.1, hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-3.18.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Marking as fixed.
SUSE-SU-2023:0777-1: An update that solves one vulnerability can now be installed.
Category: security (moderate)
Bug References: 1207973
CVE References: CVE-2021-37501
Sources used:
  HPC Module 15-SP4 (src): hdf5_1_10_8-gnu-openmpi4-hpc-1.10.8-150400.3.6.1, hdf5_1_10_8-gnu-hpc-1.10.8-150400.3.6.1, hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150400.3.6.1, hdf5_1_10_8-gnu-openmpi3-hpc-1.10.8-150400.3.6.1, hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150400.3.6.1
  SUSE Package Hub 15 15-SP4 (src): hdf5_1_10_8-gnu-openmpi4-hpc-1.10.8-150400.3.6.1, hdf5_1_10_8-gnu-hpc-1.10.8-150400.3.6.1, hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150400.3.6.1, hdf5_1_10_8-gnu-openmpi3-hpc-1.10.8-150400.3.6.1, hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150400.3.6.1, hdf5-1.10.8-150400.3.6.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:1563-1: An update that solves one vulnerability can now be installed.
Category: security (moderate)
Bug References: 1207973
CVE References: CVE-2021-37501
Sources used:
  openSUSE Leap 15.4 (src): hdf5_1_10_8-gnu-hpc-1.10.8-150300.4.9.1, hdf5_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.9.1, hdf5_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.9.1, hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.9.1, hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.9.1
  HPC Module 15-SP3 (src): hdf5_1_10_8-gnu-hpc-1.10.8-150300.4.9.1, hdf5_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.9.1, hdf5_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.9.1, hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.9.1, hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.9.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:0538-1: An update that solves five vulnerabilities and contains one feature can now be installed.
Category: security (moderate)
Bug References: 1011205, 1093641, 1125882, 1167400, 1207973
CVE References: CVE-2016-4332, CVE-2018-11202, CVE-2019-8396, CVE-2020-10812, CVE-2021-37501
Jira References: PED-7816
Sources used:
  openSUSE Leap 15.4 (src): hdf5_1_10_11-gnu-hpc-1.10.11-150400.3.12.1, hdf5_1_10_11-gnu-openmpi3-hpc-1.10.11-150400.3.12.1, hdf5_1_10_11-gnu-mvapich2-hpc-1.10.11-150400.3.12.1, hdf5_1_10_11-gnu-mpich-hpc-1.10.11-150400.3.12.1, hdf5_1_10_11-gnu-openmpi4-hpc-1.10.11-150400.3.12.1
  openSUSE Leap 15.5 (src): hdf5_1_10_11-gnu-hpc-1.10.11-150400.3.12.1, hdf5_1_10_11-gnu-openmpi3-hpc-1.10.11-150400.3.12.1, hdf5_1_10_11-gnu-mvapich2-hpc-1.10.11-150400.3.12.1, hdf5_1_10_11-gnu-mpich-hpc-1.10.11-150400.3.12.1, hdf5_1_10_11-gnu-openmpi4-hpc-1.10.11-150400.3.12.1
  HPC Module 15-SP5 (src): hdf5_1_10_11-gnu-hpc-1.10.11-150400.3.12.1, hdf5_1_10_11-gnu-openmpi3-hpc-1.10.11-150400.3.12.1, hdf5_1_10_11-gnu-mvapich2-hpc-1.10.11-150400.3.12.1, hdf5_1_10_11-gnu-mpich-hpc-1.10.11-150400.3.12.1, hdf5_1_10_11-gnu-openmpi4-hpc-1.10.11-150400.3.12.1
  SUSE Package Hub 15 15-SP5 (src): hdf5_1_10_11-gnu-hpc-1.10.11-150400.3.12.1, hdf5_1_10_11-gnu-openmpi3-hpc-1.10.11-150400.3.12.1, hdf5_1_10_11-gnu-mvapich2-hpc-1.10.11-150400.3.12.1, hdf5_1_10_11-gnu-mpich-hpc-1.10.11-150400.3.12.1, hdf5_1_10_11-gnu-openmpi4-hpc-1.10.11-150400.3.12.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.