PT-2024-6209 · Hdf5+4

Published 2024-05-14 · Updated 2024-11-08 · CVE-2024-32608

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

HDF5 library versions prior to 1.14.4

Description

The issue is related to memory corruption in the H5A__close() function of the HDF5 library, resulting in the corruption of the instruction pointer. This can cause denial of service or potential code execution. The vulnerability is associated with a heap buffer overflow, which can be exploited by a remote attacker to cause a denial of service.

Recommendations

For HDF5 library versions prior to 1.14.4, update to version 1.14.4 or later to resolve the issue. As a temporary workaround, consider disabling the H5A__close() function until a patch is available. Restrict access to the HDF5 library to minimize the risk of exploitation. Avoid using the HDF5 library for critical operations until the issue is resolved.

Exploit

Fix

DoS

Memory Corruption

Heap Based Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2024-07140
CVE-2024-32608
ECHO-811D-F445-328E
OESA-2024-2337
OESA-2024-2338
OESA-2024-2339
OESA-2024-2340
OPENSUSE-SU-2024_2195-1
OPENSUSE-SU-2024_3144-1
RHSA-2025:3801
SUSE-SU-2024:2105-1
SUSE-SU-2024:2195-1
SUSE-SU-2024:3144-1

Affected Products

Astra Linux
Debian
Hdf5
Red Os
Suse