Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-6856

Опубликовано: 29 июн. 2025
Источник: redhat
CVSS3: 3.3
EPSS Низкий

Описание

A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5FL__reg_gc_list of the file src/H5FL.c. The manipulation leads to use after free. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.

A flaw was found in hdf5. The H5FL__reg_gc_list function in src/H5FL.c contains a use-after-free condition, requiring local attacker interaction. Manipulation of the file triggers this condition, potentially leading to a denial of service. This vulnerability stems from improper memory management during garbage collection list registration.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux AI (RHEL AI)hdf5Fix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-119
Дефект:
CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=2375414hdf5: HDF5 Use-After-Free Vulnerability

EPSS

Процентиль: 9%
0.00033
Низкий

3.3 Low

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2025-6856

CVSS3: 3.3
ubuntu
4 месяца назад

A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5FL__reg_gc_list of the file src/H5FL.c. The manipulation leads to use after free. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.

nvd логотип

CVE-2025-6856

CVSS3: 3.3
nvd
4 месяца назад

A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5FL__reg_gc_list of the file src/H5FL.c. The manipulation leads to use after free. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.

debian логотип

CVE-2025-6856

CVSS3: 3.3
debian
4 месяца назад

A vulnerability, which was classified as problematic, was found in HDF ...

github логотип

GHSA-wxfp-rw9f-g4g7

CVSS3: 3.3
github
4 месяца назад

A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5FL__reg_gc_list of the file src/H5FL.c. The manipulation leads to use after free. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.

EPSS

Процентиль: 9%
0.00033
Низкий

3.3 Low

CVSS3