{
  "id": "CVE-2016-4333",
  "sourceIdentifier": "cret@cert.org",
  "published": "2016-11-18T20:59:05.193",
  "lastModified": "2017-11-04T01:29:19.990",
  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
      "value": "The HDF5 1.8.16 library allocating space for the array using a value from the file has an impact within the loop for initializing said array allowing a value within the file to modify the loop's terminator. Due to this, an aggressor can cause the loop's index to point outside the bounds of the array when initializing it."
    },
    {
      "lang": "es",
      "value": "La librer\u00eda HDF5 1.8.16 que asigna espacio para la matric usando un valor del archivo tiene un impacto dentro del bucle para la inicializar dicha matriz permitiendo un valor dentro del archivo para modificar la finalizaci\u00f3n del bucle. Debido a esto, un agresor puede provocar que el \u00edndice del bucle apunte fuera de los l\u00edmites de la matriz cuando se inicializa."
    }
  ],
  "metrics": {
    "cvssMetricV30": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.0",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "CHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 8.6,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 6.0
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
          "accessVector": "LOCAL",
          "accessComplexity": "MEDIUM",
          "authentication": "NONE",
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.9
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 3.4,
        "impactScore": 10.0,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": true
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:hdfgroup:hdf5:1.8.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "917A1D77-B6E2-48F6-B9FF-04A1D1646529"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://www.debian.org/security/2016/dsa-3727",
      "source": "cret@cert.org"
    },
    {
      "url": "http://www.securityfocus.com/bid/94416",
      "source": "cret@cert.org"
    },
    {
      "url": "http://www.talosintelligence.com/reports/TALOS-2016-0179/",
      "source": "cret@cert.org",
      "tags": [
        "Exploit",
        "Technical Description",
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://security.gentoo.org/glsa/201701-13",
      "source": "cret@cert.org"
    }
  ]
}