CVE-2024-32617

Опубликовано: 10 мая 2024

Источник: redhat

Описание

HDF5 Library through 1.14.3 contains a heap-based buffer over-read caused by the unsafe use of strdup in H5MM_xstrdup in H5MM.c (called from H5G__ent_to_link in H5Glink.c).

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat OpenStack Platform 16.1	hdf5	Out of support scope
Red Hat Enterprise Linux AI 1.5 for RHEL 9.4	hdf5	Fixed	RHSA-2025:3801	10.04.2025
Red Hat Enterprise Linux AI 1.5 for RHEL 9.4	libaec	Fixed	RHSA-2025:3801	10.04.2025

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

https://bugzilla.redhat.com/show_bug.cgi?id=2280037hdf5: multiple CVEs

Связанные уязвимости

CVE-2024-32617

CVSS3: 8.8

ubuntu

около 1 года назад

HDF5 Library through 1.14.3 contains a heap-based buffer over-read caused by the unsafe use of strdup in H5MM_xstrdup in H5MM.c (called from H5G__ent_to_link in H5Glink.c).

CVE-2024-32617

CVSS3: 8.8

nvd

около 1 года назад

HDF5 Library through 1.14.3 contains a heap-based buffer over-read caused by the unsafe use of strdup in H5MM_xstrdup in H5MM.c (called from H5G__ent_to_link in H5Glink.c).

CVE-2024-32617

CVSS3: 8.8

msrc

около 1 года назад

Описание отсутствует

CVE-2024-32617

CVSS3: 8.8

debian

около 1 года назад

HDF5 Library through 1.14.3 contains a heap-based buffer over-read cau ...

GHSA-g9g4-wrgg-h792

CVSS3: 8.8

github

около 1 года назад

HDF5 Library through 1.14.3 contains a heap-based buffer over-read caused by the unsafe use of strdup in H5MM_xstrdup in H5MM.c (called from H5G__ent_to_link in H5Glink.c).