Heap-based Buffer Overflow in HDF5 Library
CVE-2024-33877

8.8 HIGH

Key Information:

Vendor: HDF Group

Status
Vendor
CVE Published: 14 May 2024

What is CVE-2024-33877?

The HDF5 Library, widely used for managing complex data, is susceptible to a heap-based buffer overflow condition due to flaws in the H5T__conv_struct_opt function located in H5Tconv.c. This vulnerability in versions preceding 1.14.4 can potentially be exploited, leading to unauthorized access or manipulation of memory, which may compromise the integrity and security of applications that depend on the library. Users and developers are encouraged to upgrade to the latest version to mitigate exposure.

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published