CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2024-32608

CVSS 9.8v3.1pub. 2024-10-09upd. 2025-03-25

HDF5 library through 1.14.3 has memory corruption in H5A__close resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.

🤖 AI Analysis
How it works

The vulnerability classified as CWE-787 (out-of-bounds write) involves improper memory management during HDF5 attribute closure in the H5A__close function. An erroneous write operation outside the allocated memory area leads to instruction pointer corruption. An attacker can prepare a malicious HDF5 file, which when processed by the vulnerable library will trigger this error.

Impact

An attacker can cause an application using the HDF5 library to crash (DoS) or, under favorable circumstances, execute arbitrary code in the context of the process handling the file (RCE). A high CVSS score of 9.8 indicates a complete threat to system confidentiality, integrity, and availability.

Mitigation & patch

The HDF5 library should be updated to version 1.14.4 or later, in which the vulnerability was removed by the vendor. Details available at: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/

Who is affected

HDF5 library (HDF Group) in versions up to and including 1.14.3.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Hdfgroup Hdf5

    APP
    Hdfgroup
    < 1.14.4
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
RCEDoS
CWE
References

Related vulnerabilities

CVE-2024-29164CRITICAL9.8PL ✓ten sam produkt

Stack buffer overflow w HDF5 — RCE lub DoS przez uszkodzenie wskaźnika instrukcji

CVE-2024-32611CRITICAL9.8PL ✓ten sam produkt

HDF5 Library: użycie niezainicjowanej wartości w H5A__attr_release_table

CVE-2024-29157CRITICAL9.8PL ✓ten sam produkt

HDF5: heap buffer overflow w H5HG_read umożliwiający RCE lub DoS

CVE-2024-29159CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w HDF5 H5Z__filter_scaleoffset – RCE lub DoS

CVE-2024-32615CRITICAL9.8PL ✓ten sam produkt

HDF5 Library: heap-based buffer overflow w dekompresji nbit