{
  "threat_severity" : "Low",
  "public_date" : "2022-01-05T00:00:00Z",
  "bugzilla" : {
    "description" : "hdf5: heap buffer overflow vulnerability in H5F_addr_decode_len in /hdf5/src/H5Fint.c",
    "id" : "2049121",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2049121"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
    "status" : "draft"
  },
  "cwe" : "CWE-787",
  "details" : [ "A heap-based buffer overflow vulnerability exists in HDF5 1.13.1-1 via H5F_addr_decode_len in /hdf5/src/H5Fint.c, which could cause a Denial of Service." ],
  "statement" : "In Red Hat OpenStack Platform 16 the hdf5 package is not actually utilized. Red Hat OpenStack Platform 13 will be retiring soon. For these reasons and because the flaw's impact is lower, no update will be provided at this time for the hdf5 package.",
  "package_state" : [ {
    "product_name" : "Red Hat OpenStack Platform 13 (Queens)",
    "fix_state" : "Out of support scope",
    "package_name" : "hdf5",
    "cpe" : "cpe:/a:redhat:openstack:13"
  }, {
    "product_name" : "Red Hat OpenStack Platform 16.1",
    "fix_state" : "Will not fix",
    "package_name" : "hdf5",
    "cpe" : "cpe:/a:redhat:openstack:16.1"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2021-45830\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-45830" ],
  "name" : "CVE-2021-45830",
  "csaw" : false
}