CVE-2024-32606 — Use of Uninitialized Resource in Hdf5

CWE-908 — Use of Uninitialized Resource5 documents5 sources

Severity

5.7MEDIUMNVD

EPSS

0.1%

top 75.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Hdfgroup Hdf5 Debian Hdf5

Timeline

PublishedMay 14

Description

HDF5 Library through 1.14.3 may attempt to dereference uninitialized values in h5tools_str_sprint in tools/lib/h5tools_str.c (called from h5tools_dump_simple_data in tools/lib/h5tools_dump.c).

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:HExploitability: 1.4 | Impact: 4.2

Affected Packages3 packages

▶debiandebian/hdf5< hdf5 1.14.5+repack-1 (forky)

▶NVDhdfgroup/hdf5< 1.14.4

▶Debianhdfgroup/hdf5< 1.14.5+repack-1+1

🔴Vulnerability Details

GHSA

GHSA-m29j-f39x-2r24: HDF5 Library through 1↗2024-05-14

▶

OSV

CVE-2024-32606: HDF5 Library through 1↗2024-05-14

▶

📋Vendor Advisories

Red Hat

hdf5: multiple CVEs↗2024-05-10

▶

Debian

CVE-2024-32606: hdf5 - HDF5 Library through 1.14.3 may attempt to dereference uninitialized values in h...↗2024

▶