CVE-2024-32623 — Heap-based Buffer Overflow in Hdf5
CWE-122 — Heap-based Buffer Overflow
6 documents
6 sources
Severity: 8.8 HIGH (NVD, CVSS:3.1)
EPSS: 0.5% (top 33.73%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products: 10
Hdfgroup Hdf5
Debian Hdf5
Msrc Azl3 Hdf5 1.14.3-1 ON Azure Linux 3.0
+7 more
Timeline
Published: May 14
Description
HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5VM_array_fill in H5VM.c (called from H5S_select_elements in H5Spoint.c).
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9
Attack Vector: Network
Complexity: Low
Privileges: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Affected Packages (11 packages)
debian: debian/hdf5 < hdf5 1.14.5+repack-1 (forky)
NVD: hdfgroup/hdf5 < 1.14.4
Debian: hdfgroup/hdf5 < 1.14.5+repack-1 (+1)
msrc: msrc/azl3_hdf5_1.14.3-1_on_azure_linux_3.0
msrc: msrc/cbl2_hdf5_1.14.4-1_on_cbl_mariner_2.0
Vulnerability Details (2)
OSV: CVE-2024-32623: HDF5 Library through 1 (2024-05-14)
GHSA: GHSA-f9xr-555m-75cp: HDF5 Library through 1 (2024-05-14)
Vendor Advisories (3)
Microsoft: HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5VM_array_fill in H5VM.c (called from H5S_select_elements in H5Spoint.c). (2024-05-14)
Red Hat: hdf5: multiple CVEs (2024-05-10)
Debian: CVE-2024-32623: hdf5 - HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5VM_array_... (2024)