Heap-Based Buffer Over-Read in HDF5 Library
CVE-2024-32613

7.4 HIGH

Key Information:

Vendor

HDF Group

Status
Vendor
CVE Published: 14 May 2024

What is CVE-2024-32613?

The HDF5 Library, up to version 1.14.3, contains a heap-based buffer over-read in the function H5HL__fl_deserialize in the file H5HLcache.c. The flaw poses potential risks to the integrity of data processed by the library, and users should upgrade to the latest version for improved security. This issue is distinct from similar vulnerabilities, which makes it important to stay informed about the specific exposures within library implementations.

CVSS V3.1

Score: 7.4
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published
