Heap-Based Buffer Overflow in HDF5 Library Affects Data Management
CVE-2024-32621

9.8 CRITICAL

Key Information:

Status
Vendor
CVE Published: 14 May 2024

What is CVE-2024-32621?

The HDF5 Library, widely used for managing and storing large datasets, contains a vulnerability in its handling of blob data: a heap-based buffer overflow in the H5HG_read function, which may lead to corruption of the instruction pointer. This flaw can potentially allow an attacker to exploit the mismanagement of memory allocation, causing instability in applications that rely on the HDF5 Library for data management. Users should review the versions they currently run and update to avoid potential security implications.

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published
