【CVE修复】CVE-2024-32622 · Issue #I9QMN3 · OpenCloudOS Stream/hdf5 - Gitee.com

/ 详情

已完成

bug

拥有者

创建于

2024-05-20 14:31

【软件包名】

hdf5

【CVE ID】

CVE-2024-32622

【漏洞评级】

High

【评分向量】

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

【CWE ID】

【漏洞描述】

HDF5 Library through 1.14.3 contains a out-of-bounds read operation in H5FL_arr_malloc in H5FL.c (called from H5S_set_extent_simple in H5S.c).

【参考链接】

<div>
    <div class="document">
        <p style="text-align: left; line-height: 1.3; margin-top: 4px; margin-bottom: 4px;" class="paragraph text-align-type-left pap-line-1.3 pap-line-rule-auto pap-spacing-before-3pt pap-spacing-after-3pt"><strong><span style="font-size: 14.63px; font-family: Helvetica Neue,Helvetica,PingFang SC,Microsoft YaHei,Source Han Sans SC,Noto Sans CJK SC,WenQuanYi Micro Hei,sans-serif; font-style: normal; text-decoration: 333333; background: transparent; letter-spacing: 0.00px; vertical-align: baseline;">【软件包名】</span></strong><span style="font-size: 14.63px; font-family: Helvetica Neue,Helvetica,PingFang SC,Microsoft YaHei,Source Han Sans SC,Noto Sans CJK SC,WenQuanYi Micro Hei,sans-serif; font-style: normal; text-decoration: 333333; background: transparent; letter-spacing: 0.00px; vertical-align: baseline;"></span></p>
        <p style="text-align: left; line-height: 1.3; margin-top: 4px; margin-bottom: 4px;" class="paragraph text-align-type-left pap-line-1.3 pap-line-rule-auto pap-spacing-before-3pt pap-spacing-after-3pt"><span style="font-size: 14.63px; font-family: Helvetica Neue,Helvetica,PingFang SC,Microsoft YaHei,Source Han Sans SC,Noto Sans CJK SC,WenQuanYi Micro Hei,sans-serif; font-weight: 400; font-style: italic; text-decoration: 333333; background: transparent; letter-spacing: 0.00px; vertical-align: baseline;">hdf5</span><span style="font-size: 14.63px; font-family: Helvetica Neue,Helvetica,PingFang SC,Microsoft YaHei,Source Han Sans SC,Noto Sans CJK SC,WenQuanYi Micro Hei,sans-serif; font-weight: 400; font-style: italic; text-decoration: 333333; background: transparent; letter-spacing: 0.00px; vertical-align: baseline;"></span></p>
        <p style="text-align: left; line-height: 1.3; margin-top: 4px; margin-bottom: 4px;" class="paragraph text-align-type-left pap-line-1.3 pap-line-rule-auto pap-spacing-before-3pt pap-spacing-after-3pt"><strong><span style="font-size: 14.63px; font-family: Helvetica Neue,Helvetica,PingFang SC,Microsoft YaHei,Source Han Sans SC,Noto Sans CJK SC,WenQuanYi Micro Hei,sans-serif; font-style: normal; text-decoration: 333333; background: transparent; letter-spacing: 0.00px; vertical-align: baseline;">【CVE ID】</span></strong><span style="font-size: 14.63px; font-family: Helvetica Neue,Helvetica,PingFang SC,Microsoft YaHei,Source Han Sans SC,Noto Sans CJK SC,WenQuanYi Micro Hei,sans-serif; font-style: normal; text-decoration: 333333; background: transparent; letter-spacing: 0.00px; vertical-align: baseline;"></span></p>
        <p style="text-align: left; line-height: 1.3; margin-top: 4px; margin-bottom: 4px;" class="paragraph text-align-type-left pap-line-1.3 pap-line-rule-auto pap-spacing-before-3pt pap-spacing-after-3pt"><span style="font-size: 14.63px; font-family: Helvetica Neue,Helvetica,PingFang SC,Microsoft YaHei,Source Han Sans SC,Noto Sans CJK SC,WenQuanYi Micro Hei,sans-serif; font-weight: 400; font-style: italic; text-decoration: 333333; background: transparent; letter-spacing: 0.00px; vertical-align: baseline;">CVE-2024-32622</span><span style="font-size: 14.63px; font-family: Helvetica Neue,Helvetica,PingFang SC,Microsoft YaHei,Source Han Sans SC,Noto Sans CJK SC,WenQuanYi Micro Hei,sans-serif; font-weight: 400; font-style: italic; text-decoration: 333333; background: transparent; letter-spacing: 0.00px; vertical-align: baseline;"></span></p>
        <p style="text-align: left; line-height: 1.3; margin-top: 4px; margin-bottom: 4px;" class="paragraph text-align-type-left pap-line-1.3 pap-line-rule-auto pap-spacing-before-3pt pap-spacing-after-3pt"><strong><span style="font-size: 14.63px; font-family: Helvetica Neue,Helvetica,PingFang SC,Microsoft YaHei,Source Han Sans SC,Noto Sans CJK SC,WenQuanYi Micro Hei,sans-serif; font-style: normal; text-decoration: 333333; background: transparent; letter-spacing: 0.00px; vertical-align: baseline;">【漏洞评级】</span></strong><span style="font-size: 14.63px; font-family: Helvetica Neue,Helvetica,PingFang SC,Microsoft YaHei,Source Han Sans SC,Noto Sans CJK SC,WenQuanYi Micro Hei,sans-serif; font-style: normal; text-decoration: 333333; background: transparent; letter-spacing: 0.00px; vertical-align: baseline;"></span></p>
        <p style="text-align: left; line-height: 1.3; margin-top: 4px; margin-bottom: 4px;" class="paragraph text-align-type-left pap-line-1.3 pap-line-rule-auto pap-spacing-before-3pt pap-spacing-after-3pt"><span style="font-size: 14.63px; font-family: Helvetica Neue,Helvetica,PingFang SC,Microsoft YaHei,Source Han Sans SC,Noto Sans CJK SC,WenQuanYi Micro Hei,sans-serif; font-weight: 400; font-style: italic; text-decoration: 333333; background: transparent; letter-spacing: 0.00px; vertical-align: baseline;">High</span><span style="font-size: 14.63px; font-family: Helvetica Neue,Helvetica,PingFang SC,Microsoft YaHei,Source Han Sans SC,Noto Sans CJK SC,WenQuanYi Micro Hei,sans-serif; font-weight: 400; font-style: italic; text-decoration: 333333; background: transparent; letter-spacing: 0.00px; vertical-align: baseline;"></span></p>
        <p style="text-align: left; line-height: 1.3; margin-top: 4px; margin-bottom: 4px;" class="paragraph text-align-type-left pap-line-1.3 pap-line-rule-auto pap-spacing-before-3pt pap-spacing-after-3pt"><strong><span style="font-size: 14.63px; font-family: Helvetica Neue,Helvetica,PingFang SC,Microsoft YaHei,Source Han Sans SC,Noto Sans CJK SC,WenQuanYi Micro Hei,sans-serif; font-style: normal; text-decoration: 333333; background: transparent; letter-spacing: 0.00px; vertical-align: baseline;">【评分向量】</span></strong><span style="font-size: 14.63px; font-family: Helvetica Neue,Helvetica,PingFang SC,Microsoft YaHei,Source Han Sans SC,Noto Sans CJK SC,WenQuanYi Micro Hei,sans-serif; font-style: normal; text-decoration: 333333; background: transparent; letter-spacing: 0.00px; vertical-align: baseline;"></span></p>
        <p style="text-align: left; line-height: 1.3; margin-top: 4px; margin-bottom: 4px;" class="paragraph text-align-type-left pap-line-1.3 pap-line-rule-auto pap-spacing-before-3pt pap-spacing-after-3pt"><span style="font-size: 14.63px; font-family: Helvetica Neue,Helvetica,PingFang SC,Microsoft YaHei,Source Han Sans SC,Noto Sans CJK SC,WenQuanYi Micro Hei,sans-serif; font-weight: 400; font-style: italic; text-decoration: 333333; background: transparent; letter-spacing: 0.00px; vertical-align: baseline;">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L</span><span style="font-size: 14.63px; font-family: Helvetica Neue,Helvetica,PingFang SC,Microsoft YaHei,Source Han Sans SC,Noto Sans CJK SC,WenQuanYi Micro Hei,sans-serif; font-weight: 400; font-style: italic; text-decoration: 333333; background: transparent; letter-spacing: 0.00px; vertical-align: baseline;"></span></p>
        <p style="text-align: left; line-height: 1.3; margin-top: 4px; margin-bottom: 4px;" class="paragraph text-align-type-left pap-line-1.3 pap-line-rule-auto pap-spacing-before-3pt pap-spacing-after-3pt"><strong><span style="font-size: 14.63px; font-family: Helvetica Neue,Helvetica,PingFang SC,Microsoft YaHei,Source Han Sans SC,Noto Sans CJK SC,WenQuanYi Micro Hei,sans-serif; font-style: normal; text-decoration: 333333; background: transparent; letter-spacing: 0.00px; vertical-align: baseline;">【CWE ID】</span></strong><span style="font-size: 14.63px; font-family: Helvetica Neue,Helvetica,PingFang SC,Microsoft YaHei,Source Han Sans SC,Noto Sans CJK SC,WenQuanYi Micro Hei,sans-serif; font-style: normal; text-decoration: 333333; background: transparent; letter-spacing: 0.00px; vertical-align: baseline;"></span></p>
        <p style="text-align: left; line-height: 1.3; margin-top: 4px; margin-bottom: 4px;" class="paragraph text-align-type-left pap-line-1.3 pap-line-rule-auto pap-spacing-before-3pt pap-spacing-after-3pt"><span style="font-size: 14.63px; font-family: Helvetica Neue,Helvetica,PingFang SC,Microsoft YaHei,Source Han Sans SC,Noto Sans CJK SC,WenQuanYi Micro Hei,sans-serif; font-weight: 400; font-style: italic; text-decoration: 333333; background: transparent; letter-spacing: 0.00px; vertical-align: baseline;"></span><span style="font-size: 14.63px; font-family: Helvetica Neue,Helvetica,PingFang SC,Microsoft YaHei,Source Han Sans SC,Noto Sans CJK SC,WenQuanYi Micro Hei,sans-serif; font-weight: 400; font-style: italic; text-decoration: 333333; background: transparent; letter-spacing: 0.00px; vertical-align: baseline;"></span></p>
        <p style="text-align: left; line-height: 1.3; margin-top: 4px; margin-bottom: 4px;" class="paragraph text-align-type-left pap-line-1.3 pap-line-rule-auto pap-spacing-before-3pt pap-spacing-after-3pt"><strong><span style="font-size: 14.63px; font-family: Helvetica Neue,Helvetica,PingFang SC,Microsoft YaHei,Source Han Sans SC,Noto Sans CJK SC,WenQuanYi Micro Hei,sans-serif; font-style: normal; text-decoration: 333333; background: transparent; letter-spacing: 0.00px; vertical-align: baseline;">【漏洞描述】</span></strong><span style="font-size: 14.63px; font-family: Helvetica Neue,Helvetica,PingFang SC,Microsoft YaHei,Source Han Sans SC,Noto Sans CJK SC,WenQuanYi Micro Hei,sans-serif; font-style: normal; text-decoration: 333333; background: transparent; letter-spacing: 0.00px; vertical-align: baseline;"></span></p>
        <p style="text-align: left; line-height: 1.3; margin-top: 4px; margin-bottom: 4px;" class="paragraph text-align-type-left pap-line-1.3 pap-line-rule-auto pap-spacing-before-3pt pap-spacing-after-3pt"><span style="font-size: 14.63px; font-family: Helvetica Neue,Helvetica,PingFang SC,Microsoft YaHei,Source Han Sans SC,Noto Sans CJK SC,WenQuanYi Micro Hei,sans-serif; font-weight: 400; font-style: italic; text-decoration: 333333; background: transparent; letter-spacing: 0.00px; vertical-align: baseline;">HDF5 Library through 1.14.3 contains a out-of-bounds read operation in H5FL_arr_malloc in H5FL.c (called from H5S_set_extent_simple in H5S.c).</span><span style="font-size: 14.63px; font-family: Helvetica Neue,Helvetica,PingFang SC,Microsoft YaHei,Source Han Sans SC,Noto Sans CJK SC,WenQuanYi Micro Hei,sans-serif; font-weight: 400; font-style: italic; text-decoration: 333333; background: transparent; letter-spacing: 0.00px; vertical-align: baseline;"></span></p>
        <p style="text-align: left; line-height: 1.3; margin-top: 4px; margin-bottom: 4px;" class="paragraph text-align-type-left pap-line-1.3 pap-line-rule-auto pap-spacing-before-3pt pap-spacing-after-3pt"><strong><span style="font-size: 14.63px; font-family: Helvetica Neue,Helvetica,PingFang SC,Microsoft YaHei,Source Han Sans SC,Noto Sans CJK SC,WenQuanYi Micro Hei,sans-serif; font-style: normal; text-decoration: 333333; background: transparent; letter-spacing: 0.00px; vertical-align: baseline;">【参考链接】</span></strong><span style="font-size: 14.63px; font-family: Helvetica Neue,Helvetica,PingFang SC,Microsoft YaHei,Source Han Sans SC,Noto Sans CJK SC,WenQuanYi Micro Hei,sans-serif; font-style: normal; text-decoration: 333333; background: transparent; letter-spacing: 0.00px; vertical-align: baseline;"></span></p>
        <br>
    </div>
</div>

创建了bug

添加了

CVE

标签

关联了OpenCloudOS Stream/hdf5 Pull Request !2

将任务状态从 待办的 修改为已完成

展开全部操作日志

登录后才可以发表评论

状态

负责人

项目

里程碑

Pull Requests

关联的 Pull Requests 被合并后可能会关闭此 issue

分支

开始日期 - 截止日期

-

置顶选项

优先级

预计工期（小时）

参与者（1）

1

https://gitee.com/opencloudos-stream/hdf5.git

git@gitee.com:opencloudos-stream/hdf5.git

opencloudos-stream

hdf5

hdf5