Lucene search

[email protected]NVD:CVE-2024-32612

HistoryMay 14, 2024 - 3:36 p.m.

CVE-2024-32612

2024-05-1415:36:46

CWE-122

[email protected]

web.nvd.nist.gov

hdf5 library

buffer over-read

heap-based

vulnerability

corruption

instruction pointer

CVSS3

7.4

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.7

Confidence

Low

JSON

HDF5 Library through 1.14.3 contains a heap-based buffer over-read in H5HL__fl_deserialize in H5HLcache.c, resulting in the corruption of the instruction pointer, a different vulnerability than CVE-2024-32613.

References

www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/

CVSS3

7.4

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.7

Confidence

Low

JSON

Related for NVD:CVE-2024-32612

cvelist2 nvd1 ubuntucve2 vulnrichment2 osv2 redhatcve2 cve2 nessus2 debiancve2 cbl_mariner4 redos1