A vulnerability has been found in HDF5 1.14.6 and classified as critical. This vulnerability affects the function H5T__bit_copy of the component Type Conversion Logic. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor plans to fix this issue in an upcoming release.
References
Link | Resource |
---|---|
https://github.com/madao123123/crash_report/blob/main/hdf5_poc/hdf5_poc3.md | Exploit Third Party Advisory |
https://vuldb.com/?ctiid.299722 | Permissions Required VDB Entry |
https://vuldb.com/?id.299722 | Third Party Advisory VDB Entry |
https://vuldb.com/?submit.514532 | Third Party Advisory VDB Entry |
Configurations
History
28 May 2025, 18:13
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/madao123123/crash_report/blob/main/hdf5_poc/hdf5_poc3.md - Exploit, Third Party Advisory | |
References | () https://vuldb.com/?ctiid.299722 - Permissions Required, VDB Entry | |
References | () https://vuldb.com/?id.299722 - Third Party Advisory, VDB Entry | |
References | () https://vuldb.com/?submit.514532 - Third Party Advisory, VDB Entry | |
CPE | cpe:2.3:a:hdfgroup:hdf5:1.14.6:*:*:*:*:*:*:* | |
First Time |
Hdfgroup hdf5
Hdfgroup |
|
CWE | CWE-787 |
08 May 2025, 09:15
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
Summary | (en) A vulnerability has been found in HDF5 1.14.6 and classified as critical. This vulnerability affects the function H5T__bit_copy of the component Type Conversion Logic. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor plans to fix this issue in an upcoming release. |
14 Mar 2025, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-03-14 21:15
Updated : 2025-05-28 18:13
NVD link : CVE-2025-2309
Mitre link : CVE-2025-2309
CVE.ORG link : CVE-2025-2309
JSON object : View
Products Affected
hdfgroup
- hdf5