Lucene search

Redhat.comRH:CVE-2024-32613

HistoryMay 10, 2024 - 8:27 p.m.

CVE-2024-32613

2024-05-1020:27:52

redhat.com

access.redhat.com

hdf5 library

heap-based buffer

over-read

h5hl__fl_deserialize

vulnerability

CVSS3

7.4

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

Low

JSON

HDF5 Library through 1.14.3 contains a heap-based buffer over-read in the function H5HL__fl_deserialize in H5HLcache.c, a different vulnerability than CVE-2024-32612.

References

bugzilla.redhat.com/show_bug.cgi?id=2280037

nvd.nist.gov/vuln/detail/CVE-2024-32613

www.cve.org/CVERecord?id=CVE-2024-32613

www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/

CVSS3

7.4

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

Low

JSON

Related for RH:CVE-2024-32613