Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redosRedosROS-20240912-01
HistorySep 12, 2024 - 12:00 a.m.

ROS-20240912-01

2024-09-1200:00:00
redos.red-soft.ru
2
h5olayout.c
h5hlcache.c
h5fint.c
h5dscatgath.c
readgifheader
h5t.c
h5ac_unpin_entry
h5odtype.c
h5eint.c
h5tools_str.c
h5hg.c
h5mm.c
h5r__decode_heap
decompress.c
buffer overflow
heap
null pointer dereferencing
denial of service
remote attacker
arithmetic exception
confidentiality
integrity
availability
arbitrary code

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

Low

EPSS

0.003

Percentile

68.7%

JSON

A vulnerability in the H5O__layout_encode() function in the H5Olayout.c file of the HDF5 library is related to an overflow of the
buffer overflow in the heap. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of
denial of service

A vulnerability in the H5HL__fl_deserialize() function in the H5HLcache.c file of the HDF5 library is related to a buffer overflow in the heap, which causes a remote attacker to cause a denial of service.
buffer in the heap, resulting in instruction pointer corruption. Exploitation of the vulnerability could allow an
an attacker to cause a denial of service

A vulnerability in the H5F_addr_decode_len() function in the H5Fint.c. file of the HDF5 library is related to writes outside the
outside of memory boundaries. Exploitation of the vulnerability could allow an attacker to cause a denial of service

A vulnerability in the H5D__scatter_mem() function in the H5Dscatgath.c file of the HDF5 library is related to an overflow of the
buffer overflow in the heap. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of
denial of service

A vulnerability in the ReadGifHeader() function of the HDF5 libhdf5 library is related to a buffer overflow in dynamic
memory. Exploitation of the vulnerability could allow an attacker to execute arbitrary code on the target system
by having the user open a specially crafted malicious GIF file

A vulnerability in the H5T__complete_copy() function in the H5T.c. file of the HDF5 library is related to the invocation of an arithmetic
exception. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of
denial of service

A vulnerability in the H5AC_unpin_entry component of the HDF5 library is related to NULL pointer dereferencing.
Exploitation of the vulnerability could allow a remote attacker to affect the
confidentiality, integrity and availability of information

A vulnerability in the H5T_copy_reopen() function in the H5T.c file of the HDF5 library is related to a buffer overflow in the
heap. Exploitation of the vulnerability could allow an attacker to cause a denial of service

A vulnerability in the H5O__dtype_decode_helper() function in the H5Odtype.c file of the HDF5 library is related to the
NULL pointer dereferencing. Exploitation of the vulnerability could allow an attacker acting
remotely to cause a denial of service

A vulnerability in the H5E_printf_stack() function in the H5Eint.c file of the HDF5 library is related to uncontrolled recursion.
recursion. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of
denial of service

Vulnerability in the h5tools_str_sprint() function in the h5tools_str.c file of the HDF5 library is related to access to an uninitialized pointer.
uninitialized pointer. Exploitation of the vulnerability could allow an attacker to cause a denial of
denial of service

A vulnerability in the H5HG_read() function in the H5HG.c file of the HDF5 library is related to a heap buffer overflow.
Exploitation of the vulnerability may allow an attacker acting remotely to cause a denial of service

A vulnerability in the H5MM_xstrdup() function in the H5MM.c file of the HDF5 library is related to a heap buffer overflow.
Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service

A vulnerability in the H5R__decode_heap() function of the HDF5 library is related to a stack-based buffer overflow.
Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service

A vulnerability in the H5HG__cache_heap_deserialize() function of the HDF5 library is related to a heap-based buffer overflow.
Exploitation of the vulnerability could allow an attacker to cause a denial of service

A vulnerability in the decompress.c component of the HDF5 libhdf5 library is related to writing beyond buffer boundaries in
memory. Exploitation of the vulnerability could allow an attacker to execute arbitrary code on the target system
by opening a specially crafted malicious GIF file by the user

A vulnerability in the H5T__conv_struct_opt() function in the H5Tconv.c file of the HDF5 library is related to an overflow of the
buffer overflow in the heap. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of
denial of service

The HDF5 library vulnerability is related to improper disconnection or release of resources. Exploitation
of the vulnerability could allow an attacker to cause a denial of service

A vulnerability in the H5A__close() function of the HDF5 library is related to a buffer overflow in the heap, resulting in a
Instruction pointer corruption. Exploitation of the vulnerability could allow an attacker acting
remotely to cause a denial of service

A vulnerability in the H5A__attr_release_table() function in the H5Aint.c file of the HDF5 library is related to the use of an
uninitialized variable. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service.
remotely to cause a denial of service

A vulnerability in the H5A__attr_release_table() function of the HDF5 library is related to a heap buffer overflow.
Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service

H5HG_read() vulnerability in HDF5 library is related to a heap buffer overflow. Exploitation
of the vulnerability could allow an attacker to cause a denial of service

A vulnerability in the H5T__get_native_type () function in the H5Tnative.c file of the HDF5 library is related to a heap buffer overflow.
buffer overflow in the heap. Exploitation of the vulnerability could allow an attacker to cause a denial of service

A vulnerability in the H5O__linfo_decode() function of the HDF5 library is associated with a heap buffer overflow.
Exploitation of the vulnerability may allow an attacker to cause a denial of service

A vulnerability in the H5VM_memcpyvv() function in the H5VM.c file of the HDF5 library is related to a heap buffer overflow.
Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service

Vulnerability in the H5T__bit_find() function of the HDF5 library is related to a heap buffer overflow. Exploitation of the
of the vulnerability could allow an attacker to cause a denial of service

Vulnerability in the H5VM_memcpyvv() function in the H5VM.c file of the HDF5 library is related to reading outside of memory boundaries
memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of
denial of service

A vulnerability in the H5O__layout_decode() function in the H5Olayout.c file of the HDF5 library is related to reading outside of memory boundaries.
memory boundaries. Exploitation of the vulnerability could allow an attacker to cause a denial of service

Vulnerability in the H5A__close() function in the H5Aint.c file of the HDF5 library is related to a heap buffer overflow,
which results in instruction pointer corruption. Exploitation of the vulnerability could allow an attacker to
cause a denial of service

A vulnerability in the H5O__dtype_encode_helper() function in the H5Odtype.c file of the HDF5 library is related to a buffer overflow in the heap.
buffer overflow in the heap. Exploitation of the vulnerability could allow an attacker to cause a denial of service

A vulnerability in the H5Z__nbit_decompress_one_byte() function in the H5Znbit.c file of the HDF5 library is related to a heap buffer overflow.
Heap buffer overflow. Exploitation of the vulnerability could allow an attacker to cause a denial of
denial of service

Vulnerability in the H5S__point_deserialize() function in the H5Spoint.c file of the HDF5 library is related to a buffer overflow in the heap.
buffer overflow in the heap. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of
denial of service

Vulnerability in the h5tools_str_sprint function (/hdf5/tools/lib/h5tools_str.c) of the hdf5 file viewer program
h5dump of HDF5 library is related to buffer overflow in dynamic memory. Exploitation of the vulnerability
could allow an attacker acting remotely to cause a denial of service

A vulnerability in the H5F_get_nrefs() function in the H5Fquery.c. file of the HDF5 library is related to the dereferencing of a NULL
pointer. Exploitation of the vulnerability could allow an attacker to cause a denial of service

A vulnerability in the H5HL__fl_deserialize() function in the H5HLcache.c file of the HDF5 library is related to an overflow of the
buffer overflow in the heap. Exploitation of the vulnerability could allow an attacker to cause a denial of service

A vulnerability in the H5Z__filter_scaleoffset() function of the HDF5 library is related to buffer copying without checking the
the size of the input data. Exploitation of the vulnerability could allow an attacker acting remotely,
cause a denial of service

A vulnerability in the H5D__create_chunk_chunk_file_map_hyper() function in the H5Dchunk.c. file of the HDF5 library is related to writing outside memory boundaries.
writes outside of memory boundaries. Exploitation of the vulnerability could allow an attacker to cause a denial of
denial of service

A vulnerability in the Decompress() function in the HDF5 library’s decompress.c. file is related to writes outside of memory boundaries.
memory boundaries. Exploitation of the vulnerability could allow an attacker to cause a denial of service

A vulnerability in the ReadGifHeader() function (gifread.c) of the HDF5 libhdf5 library is related to writing outside the boundaries of a
buffer in memory. Exploitation of the vulnerability could allow an attacker acting remotely to execute
arbitrary code on the target system by having the user open a specially crafted malicious GIF file.
GIF file

A vulnerability in the H5VM_array_fill() function in the H5VM.c file of the HDF5 library is related to a buffer overflow in the
heap. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of
denial of service

A vulnerability in the H5O__mtime_new_encode() function in the H5Omtime.c file of the HDF5 library is related to a heap buffer overflow.
buffer overflow in the heap. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of
denial of service

H5T__ref_mem_setnull() vulnerability in H5Tref.c of HDF5 library is related to a heap buffer overflow.
buffer overflow in the heap. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of
denial of service

A vulnerability in the H5T_close_real() function in the H5T.c file of the HDF5 library is related to an operation exceeding the boundaries of a
buffer in memory, which leads to instruction pointer corruption. Exploitation of the vulnerability could
Allow an attacker to cause a denial of service

A vulnerability in the H5F_addr_decode_len() function in the H5Fint.c file of the HDF5 library is related to a buffer overflow
in the heap. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of
denial of service

Vulnerability in the H5HG_read() function of the HDF5 library is related to a heap buffer overflow. Exploitation
vulnerability could allow a remote attacker to cause a denial of service

Vulnerability in H5FL_arr_malloc() function in H5FL.c file of HDF5 library is related to a buffer overflow in the heap.
heap. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of
denial of service

H5FL_arr_malloc() vulnerability in HDF5 library is related to a heap buffer overflow. Exploitation of the
vulnerability could allow an attacker to cause a denial of service

A vulnerability in the H5Eint.c. file of the HDF5 library is related to uncontrolled recursion. Exploitation
exploitation of the vulnerability could allow an attacker to cause a denial of service

A vulnerability in the H5AC_unpin_entry() function in the H5AC.c. file of the HDF5 library is related to the dereferencing of a NULL
pointer. Exploitation of the vulnerability could allow an attacker to cause a denial of service

A vulnerability in the H5Z__filter_fletcher32() function of the HDF5 library is related to a heap buffer overflow.
Exploitation of the vulnerability may allow an attacker to cause a denial of service

OSVersionArchitecturePackageVersionFilename
redos7.3x86_64hdf5< 1.14.4-1UNKNOWN

Related

nessus 16
openvas 3
talosblog 1
cvelist 19
redhatcve 19
cve 14
vulnrichment 16
ubuntucve 18
nvd 21
osv 13
debiancve 18
suse 2
prion 6
cbl_mariner 29
cnvd 2
talos 2
nessus
nessus
SUSE SLES12 Security Update : hdf5 (SUSE-SU-2024:2105-1)
2024-06-21 00:00:00
SUSE SLES15 / openSUSE 15 Security Update : hdf5 (SUSE-SU-2024:2195-1)
2024-06-26 00:00:00
SUSE SLES15 Security Update : hdf5, netcdf, trilinos (SUSE-SU-2024:3144-1)
2024-09-06 00:00:00
openvas
openvas
openSUSE: Security Advisory for hdf5, netcdf, trilinos (SUSE-SU-2024:3144-1)
2024-09-07 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:3825-1)
2022-11-02 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:3829-1)
2022-11-02 00:00:00
talosblog
talosblog
Vulnerability Spotlight: Three vulnerabilities in HDF5 file format could lead to remote code execution
2022-08-16 14:03:00
cvelist
cvelist
CVE-2024-32613
1976-01-01 00:00:00
CVE-2024-32612
1976-01-01 00:00:00
CVE-2022-25942
2022-08-22 18:20:49
redhatcve
redhatcve
CVE-2024-32613
2024-05-10 20:27:52
CVE-2024-32612
2024-05-10 20:27:42
CVE-2021-46242
2022-01-25 13:21:13
cve
cve
CVE-2024-32613
2024-05-14 15:36:46
CVE-2024-32612
2024-05-14 15:36:46
CVE-2020-10809
2020-03-22 18:15:14
vulnrichment
vulnrichment
CVE-2024-32612
1976-01-01 00:00:00
CVE-2024-32613
1976-01-01 00:00:00
CVE-2024-33877
1976-01-01 00:00:00
ubuntucve
ubuntucve
CVE-2024-32613
2024-05-14 00:00:00
CVE-2024-32612
2024-05-14 00:00:00
CVE-2024-33874
2024-05-14 00:00:00
nvd
nvd
CVE-2024-32613
2024-05-14 15:36:46
CVE-2024-32612
2024-05-14 15:36:46
CVE-2024-29165
2024-05-14 15:15:33
osv
osv
CVE-2024-32613
2024-05-14 15:36:00
CVE-2024-32612
2024-05-14 15:36:00
CVE-2024-32623
2024-05-14 15:36:00
debiancve
debiancve
CVE-2024-32613
2024-05-14 15:36:46
CVE-2024-32612
2024-05-14 15:36:46
CVE-2024-32606
2024-05-14 15:36:45
suse
suse
Security update for hdf5 (important)
2022-11-01 00:00:00
Security update for hdf5 (important)
2022-11-01 00:00:00
prion
prion
Stack overflow
2022-01-05 21:15:00
Heap overflow
2022-01-05 20:15:00
Heap overflow
2022-08-22 19:15:00
cbl_mariner
cbl_mariner
CVE-2024-32618 affecting package hdf5 for versions less than 1.14.4.3-1
2024-06-21 09:32:44
CVE-2024-33877 affecting package hdf5 for versions less than 1.14.4-1
2024-05-23 23:29:42
CVE-2024-32618 affecting package hdf5 for versions less than 1.14.4-1
2024-05-23 23:29:42
cnvd
cnvd
HDF5 has a denial-of-service vulnerability (CNVD-2022-07233)
2022-01-25 00:00:00
HDF5 stack buffer overflow vulnerability
2022-01-06 00:00:00
talos
talos
HDF5 Group libhdf5 gif2h5 out-of-bounds read vulnerability
2022-08-16 00:00:00
HDF5 Group libhdf5 gif2h5 out-of-bounds write vulnerability
2022-08-16 00:00:00

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

Low

EPSS

0.003

Percentile

68.7%

JSON
Related for ROS-20240912-01
nessus16openvas3talosblog1cvelist19redhatcve19cve14vulnrichment16ubuntucve18nvd21osv13debiancve18suse2prion6cbl_mariner29cnvd2talos2