From cd325fa330b308f04a2a9793e5879cecaede7f2d Mon Sep 17 00:00:00 2001
From: "LI, WENJIE" <liwenjie@kylinos.cn>
Date: Thu, 9 Nov 2023 09:47:10 +0800
Subject: [PATCH] add CVE-2018-13867.

---
 .../H5F__accum_read-Out_Of_Bound_Read         | Bin 0 -> 1952 bytes
 cve/hdf5/2018/CVE-2018-13867/README.md        |   3 +++
 cve/hdf5/2018/yaml/CVE-2018-13867.yaml        |  19 ++++++++++++++++++
 openkylin_list.yaml                           |   2 ++
 4 files changed, 24 insertions(+)
 create mode 100755 cve/hdf5/2018/CVE-2018-13867/H5F__accum_read-Out_Of_Bound_Read
 create mode 100644 cve/hdf5/2018/CVE-2018-13867/README.md
 create mode 100644 cve/hdf5/2018/yaml/CVE-2018-13867.yaml

diff --git a/cve/hdf5/2018/CVE-2018-13867/H5F__accum_read-Out_Of_Bound_Read b/cve/hdf5/2018/CVE-2018-13867/H5F__accum_read-Out_Of_Bound_Read
new file mode 100755
index 0000000000000000000000000000000000000000..f7570524aa12d120439d2b0e1a77d3715450b270
GIT binary patch
literal 1952
zcmeD5aB<`1lHy_j0S*oZ76t(ZW-tdr{D*=C?5KR0k_Ax3j8K6FC?f&N_i%L#05hTD
z0#I?7xiFe5Ck0s<!w0Ck;ZB7Fxw<kiFfzcx0Y=089l-`+aliyd=@AtIj0{Y`)WN`@
z0QI#XFn@yh4bc3Q02PN(u>2+g6@aCi56GDsC<oOJGz|hE>5ySG9YVunltK*wT<MU5
h1)}Z(TKWq1^LJqcrZQOi(}0#^uylt@AF8dRJOHEqP^$m{

literal 0
HcmV?d00001

diff --git a/cve/hdf5/2018/CVE-2018-13867/README.md b/cve/hdf5/2018/CVE-2018-13867/README.md
new file mode 100644
index 00000000..173cdc97
--- /dev/null
+++ b/cve/hdf5/2018/CVE-2018-13867/README.md
@@ -0,0 +1,3 @@
+h5dump H5F__accum_read-Out_Of_Bound_Read
+
+段错误 (核心已转储)
\ No newline at end of file
diff --git a/cve/hdf5/2018/yaml/CVE-2018-13867.yaml b/cve/hdf5/2018/yaml/CVE-2018-13867.yaml
new file mode 100644
index 00000000..ea45b40c
--- /dev/null
+++ b/cve/hdf5/2018/yaml/CVE-2018-13867.yaml
@@ -0,0 +1,19 @@
+id: CVE-2018-13867
+source: https://github.com/TeamSeri0us/pocs/tree/master/hdf5
+info:
+  name: HDF5是一套免费的用于管理存储不同类型数据的工具套件，它能够管理、操作、查看、分析数据，并生成可移植格式的文件。
+  severity: high
+  description: |
+    HDF5 1.8.20版本中的H5Faccum.c文件的‘H5F__accum_read’函数存在越界读取漏洞。攻击者可通过诱使用户打开特制的文件利用该漏洞造成应用程序崩溃。
+  scope-of-influence:
+    hdf5:1.8.20
+  reference:
+    - https://nvd.nist.gov/vuln/detail/CVE-2018-13867
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.8
+    cve-id: CVE-2018-13867
+    cwe-id: CWE-125
+    cnvd-id: None
+    kve-id: None
+  tags: CVE2018, hdf5
\ No newline at end of file
diff --git a/openkylin_list.yaml b/openkylin_list.yaml
index 65c56aef..6faa9354 100644
--- a/openkylin_list.yaml
+++ b/openkylin_list.yaml
@@ -89,6 +89,8 @@ cve:
     - CVE-2023-1175
     - CVE-2023-1264
     - CVE-2023-1355
+  hdf5:
+    - CVE-2018-13867
 cnvd:
   
 kve:
-- 
Gitee