Stack Consumption Vulnerability in HDF5 Library
CVE-2024-32609

7.5HIGH

Key Information:

Vendor: HDF Group
Status: Hdf5
Vendor: CVE Published:; 14 May 2024

What is CVE-2024-32609?

The HDF5 Library, a widely used data management tool developed by the HDF Group, contains a vulnerability that can lead to excessive stack consumption in the function H5E_printf_stack located in H5Eint.c. This flaw could be exploited through specially crafted inputs, potentially causing an application to crash or behave unpredictably. Users of versions prior to 1.14.4 are advised to update to the latest version to mitigate this vulnerability and enhance the security of their applications.

References

https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixe...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 14, 2024