CVE-2016-4332

Exploit

EPSS 0.11%
Veröffentlicht 18.11.2016 20:59:03
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle cret@cert.org
CVE-Watchlists
Login
Unerledigt
Login

The library's failure to check if certain message types support a particular flag, the HDF5 1.8.16 library will cast the structure to an alternative structure and then assign to fields that aren't supported by the message type and the library will write outside the bounds of the heap buffer. This can lead to code execution under the context of the library.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Hdfgroup ≫ Hdf5 Version1.8.16

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.11%	0.3

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.6	1.8	6	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
nvd@nist.gov	6.9	3.4	10	AV:L/AC:M/Au:N/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.debian.org/security/2016/dsa-3727

https://security.gentoo.org/glsa/201701-13

http://www.securityfocus.com/bid/94417

http://www.talosintelligence.com/reports/TALOS-2016-0178/

Third Party Advisory

Exploit

Technical Description

https://nvd.nist.gov/vuln/detail/CVE-2016-4332

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-4332

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-4332

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2016-4332