PT-2024-6200 · Unknown+2 · Hdf5 Library+2

Published

2024-05-09

·

Updated

2026-03-29

·

CVE-2024-32617

CVSS v3.1

8.8

High

Vector AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

HDF5 Library versions prior to 1.14.4

Description

The issue is a heap-based buffer over-read caused by the unsafe use of strdup in H5MM_xstrdup in H5MM.c. strdup has no length bound: it copies until it finds a NUL byte, so a string that is not terminated inside its buffer is read past the end of that buffer. H5MM_xstrdup is reached from H5G_ent_to_link in H5Glink.c while the library parses a file. A remote attacker who gets a user to open a crafted HDF5 file (the CVSS vector requires user interaction) can use this to impact the confidentiality, integrity, and availability of protected information.

Recommendations

Update to HDF5 1.14.4 or later, which contains the fix. H5MM_xstrdup is an internal library function, so applications cannot restrict its use and there is no configuration-level workaround. Until the library is updated, treat HDF5 files from untrusted sources as hostile input and avoid opening them with an affected version.
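The mechanism behind the description, as an added example that is not code from the HDF5 project or this advisory: a strdup-style wrapper copies what the caller believes is an 8-byte name field, but the crafted input omits the terminator, so the copy runs on into the bytes that follow the field. Beside it is a bounded variant that takes the field size and rejects input with no terminator inside that window. The block layout, the field size and the sample bytes are constructed for the demo; whether the upstream HDF5 fix takes this exact form is not stated on this page.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample input (not from any real HDF5 file): a 32-byte block
 * standing in for file data that has been read into the heap.  Bytes 0..7
 * are a "link name" field that the format requires to be NUL-terminated;
 * this crafted input omits the terminator.  The bytes after the field stand
 * in for unrelated data that happens to sit next to it in memory. */
enum { FIELD_LEN = 8, BLOCK_LEN = 32 };
static const char SAMPLE_BLOCK[BLOCK_LEN] = "linknameSECRET!"; /* 15 chars + NUL, rest zero */

/* The pattern the advisory describes: a thin wrapper that behaves like
 * strdup().  It has no idea where the field ends; strlen() scans until the
 * first NUL byte, so on an unterminated field the copy keeps going into
 * whatever follows in memory. */
static char *xstrdup_unsafe(const char *s)
{
    size_t n = strlen(s);        /* stops only at the first NUL, wherever that is */
    char *copy = malloc(n + 1);
    if (copy != NULL)
        memcpy(copy, s, n + 1);
    return copy;
}

/* Hardened variant (example only, not the HDF5 project's fix): the caller
 * passes the size of the field the string must fit in.  If no terminator is
 * found inside that window the input is malformed and is rejected rather
 * than copied past the field. */
static char *xstrdup_bounded(const char *s, size_t field_len)
{
    size_t n = 0;
    while (n < field_len && s[n] != '\0')
        n++;
    if (n == field_len)
        return NULL;             /* no NUL within the field: malformed input */
    char *copy = malloc(n + 1);
    if (copy != NULL)
        memcpy(copy, s, n + 1);  /* includes the terminator */
    return copy;
}

/* Put SAMPLE_BLOCK on the heap, the way parsed file data would be. */
static char *make_heap_block(void)
{
    char *block = malloc(BLOCK_LEN);
    if (block != NULL)
        memcpy(block, SAMPLE_BLOCK, BLOCK_LEN);
    return block;
}

/* Length of the string the unsafe wrapper produces from the crafted field.
 * The field is 8 bytes, but the result is 15: the 7 bytes of adjacent data
 * were copied too.  The over-read is kept inside our own 32-byte allocation
 * so the demo is deterministic; in the real bug the bytes past the field
 * belong to some other allocation, or to no allocation at all. */
static size_t unsafe_copy_length(void)
{
    char *block = make_heap_block();
    if (block == NULL)
        return 0;
    char *name = xstrdup_unsafe(block);
    size_t len = name ? strlen(name) : 0;
    free(name);
    free(block);
    return len;
}

/* 1 if the bounded variant rejects the crafted (unterminated) field. */
static int bounded_rejects_crafted_field(void)
{
    char *block = make_heap_block();
    if (block == NULL)
        return 0;
    char *name = xstrdup_bounded(block, FIELD_LEN);
    int rejected = (name == NULL);
    free(name);
    free(block);
    return rejected;
}

/* Length of the bounded copy of a well-formed field (terminator inside the window). */
static size_t bounded_copy_length_ok(void)
{
    char field[FIELD_LEN] = "link";   /* "link" + NUL, zero-padded to 8 bytes */
    char *name = xstrdup_bounded(field, FIELD_LEN);
    size_t len = name ? strlen(name) : 0;
    free(name);
    return len;
}

int main(void)
{
    printf("unsafe copy of the 8-byte field has length %zu\n", unsafe_copy_length());
    printf("bounded copy rejects the crafted field: %d\n", bounded_rejects_crafted_field());
    printf("bounded copy of a well-formed field has length %zu\n", bounded_copy_length_ok());
    return 0;
}
```

Under AddressSanitizer the unsafe wrapper reports a heap-buffer-overflow READ as soon as the scan leaves the allocation, which matches the "over-read" wording of the description; the bounded variant never touches a byte outside the field it was told about.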

Fix

Weakness Enumeration

Heap Based Buffer Overflow

Related Identifiers

AZL-40693
BDU:2024-07131
CVE-2024-32617
ECHO-62B8-216B-D6A2
OESA-2024-2337
OESA-2024-2338
OESA-2024-2339
OESA-2024-2340
RHSA-2025:3801

Affected Products

Debian
Hdf5 Library
Red Os