Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2025-2309
PUBLISHED
More InfoOfficial Page
Assigner-VulDB
Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5
View Known Exploited Vulnerability (KEV) details
Published At-14 Mar, 2025 | 21:00
Updated At-08 May, 2025 | 08:58
Rejected At-
▼CVE Numbering Authority (CNA)
HDF5 Type Conversion Logic H5T__bit_copy heap-based overflow

A vulnerability has been found in HDF5 1.14.6 and classified as critical. This vulnerability affects the function H5T__bit_copy of the component Type Conversion Logic. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor plans to fix this issue in an upcoming release.

Affected Products
Vendor
n/a
Product
HDF5
Modules
  • Type Conversion Logic
Versions
Affected
  • 1.14.6
Problem Types
TypeCWE IDDescription
CWECWE-122Heap-based Buffer Overflow
CWECWE-119Memory Corruption
Metrics
VersionBase scoreBase severityVector
4.04.8MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
3.15.3MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3.05.3MEDIUM
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2.04.3N/A
AV:L/AC:L/Au:S/C:P/I:P/A:P
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
reporter
NPU Unmanned Systems Safety Laboratory (VulDB User)
Timeline
EventDate
Advisory disclosed2025-03-14 00:00:00
VulDB entry created2025-03-14 01:00:00
VulDB entry last update2025-05-08 11:03:41
Replaced By
Rejected Reason
References
HyperlinkResource
https://vuldb.com/?id.299722
vdb-entry
technical-description
https://vuldb.com/?ctiid.299722
signature
permissions-required
https://vuldb.com/?submit.514532
third-party-advisory
https://github.com/madao123123/crash_report/blob/main/hdf5_poc/hdf5_poc3.md
exploit
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found