PT-2025-11306 · Hdf5+1 · Hdf5+1

Zhang Yaoliang · Published 2025-03-14 · Updated 2026-01-16 · CVE-2025-2310

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: HDF5 version 1.14.6

Description: A critical issue affects the function H5MM_strndup of the component Metadata Attribute Decoder, leading to a heap-based buffer overflow. Exploitation requires local access. The exploit has been publicly disclosed and may be used. The vendor plans to fix this issue in an upcoming release.

Recommendations: For HDF5 version 1.14.6, as a temporary workaround, consider disabling the H5MM_strndup function until a patch is available.

Exploit · Fix · Buffer Overflow · Heap Based Buffer Overflow · Memory Corruption


Weakness Enumeration

Related identifiers

AZL-58806
AZL-58825
CVE-2025-2310
ECHO-CCD1-8584-5447
OESA-2026-1131
OESA-2026-1132
OESA-2026-1133
OESA-2026-1134
OESA-2026-1135
RHSA-2025:23731

Affected products

Debian
Hdf5