CVE-2018-17233: Divide by Zero
First published: Thu Sep 20 2018(Updated: )
A SIGFPE signal is raised in the function H5D__create_chunk_file_map_hyper() of H5Dchunk.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| HDF5 | <=1.10.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-17233?
CVE-2018-17233 is classified as a denial of service vulnerability due to a division by zero error.
How do I fix CVE-2018-17233?
To fix CVE-2018-17233, update the HDF5 library to version 1.10.4 or later.
What causes the CVE-2018-17233 vulnerability?
CVE-2018-17233 is caused by inadequate checks against division by zero in the H5D__create_chunk_file_map_hyper() function.
Who is affected by CVE-2018-17233?
Any user or application utilizing HDF5 versions up to 1.10.3 is affected by CVE-2018-17233.
What type of attack can CVE-2018-17233 enable?
CVE-2018-17233 can enable a remote denial of service attack through crafted HDF files.
- agent/author
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- vendor/hdfgroup
- canonical/hdf5
- version/hdf5/1.10.3