Out-of-Bounds Read Vulnerability in HDF5 Library
CVE-2024-32622

9.1CRITICAL

Key Information:

Vendor: HDF Group
Status: Hdf5
Vendor: CVE Published:; 14 May 2024

What is CVE-2024-32622?

The HDF5 Library, specifically versions up to 1.14.3, is impacted by a vulnerability that allows for out-of-bounds read operations in the function H5FL_arr_malloc. This vulnerability can be triggered during the execution of the H5S_set_extent_simple function in H5S.c. Such issues can compromise the integrity of data and potentially expose sensitive information. Users are encouraged to upgrade to version 1.14.4 or later, which addresses this vulnerability effectively.

References

https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixe...

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 14, 2024

HDF Group

What is CVE-2024-32622?

References

CVSS V3.1

Timeline