4 HDF5 Library Flaws Fixed

Monday, November 28, 2016 @ 04:11 PM gHale

Four code execution flaws in the HDF5 library have been patched, researchers said.

HDF5 is a data model, library and file format designed for storing and managing large and complex data collections. HDF5 is maintained by The HDF Group and it’s used in various industries by organizations such as Ford, SpaceX, Lofar, Energistics and the Allotrope Foundation.

HDF5 1.8.16 and possibly earlier versions are affected by four local heap-based buffer overflow vulnerabilities, said researchers at Cisco’s Talos Vulnerability Development Team. Attackers can execute arbitrary code in the context of the application using the library if they can convince the user to open a specially crafted file.

The flaws are caused by a failure to check whether the number of dimensions for an array read from a file is within bounds, a failure to check bounds when decoding data from a dataset encoded with H5Z_NBIT, a failure to check whether specific message types support a certain flag, and inadequate handling of certain values in memory when parsing an HDF file.
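The first of those root causes, a dimension count taken from the file without a bounds check, is the kind of defect a parser avoids by validating the count before any copy. The C sketch below is an added illustration, not HDF5 code or the vendor's patch; the record layout, `MAX_RANK`, `array_desc` and `parse_array_desc` are all assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_RANK 32  /* assumed capacity of the fixed-size dims array */

/* Hypothetical in-memory descriptor; not HDF5's own structure. */
typedef struct {
    uint8_t  ndims;
    uint32_t dim[MAX_RANK];
} array_desc;

/* Read a little-endian 32-bit value without alignment assumptions. */
static uint32_t rd32le(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Parse a constructed record: 1 byte dimension count, then that many
 * 32-bit little-endian sizes. Returns 0 on success, -1 on rejection. */
int parse_array_desc(const uint8_t *buf, size_t len, array_desc *out)
{
    if (buf == NULL || out == NULL || len < 1)
        return -1;

    uint8_t ndims = buf[0];

    /* The count comes from the file, so it must fit the destination
     * array before anything is copied. This sketch also rejects 0. */
    if (ndims == 0 || ndims > MAX_RANK)
        return -1;

    /* The input must actually contain that many 4-byte entries. */
    if ((len - 1) / 4 < ndims)
        return -1;

    memset(out, 0, sizeof *out);
    out->ndims = ndims;
    for (uint8_t i = 0; i < ndims; i++)
        out->dim[i] = rd32le(buf + 1 + 4u * i);
    return 0;
}
```

Without the `ndims > MAX_RANK` test, a count of 200 in the input would drive the copy loop past the end of `dim[]`; with it, the record is rejected before any write.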

The following CVE identifiers have been assigned to these vulnerabilities: CVE-2016-4330, CVE-2016-4331, CVE-2016-4332 and CVE-2016-4333.

The issues were reported by Talos researchers in mid-May and resolved this month with the release of version 1.8.18. Talos published technical details for each of the vulnerabilities and released Snort rules to help its customers detect exploitation attempts.