{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-2153","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2025-03-10T06:49:20.263Z","datePublished":"2025-03-10T14:00:09.524Z","dateUpdated":"2025-05-12T15:35:33.596Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2025-03-21T08:53:39.678Z"},"title":"HDF5 h5 File H5SM.c H5SM_delete heap-based overflow","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-122","lang":"en","description":"Heap-based Buffer Overflow"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-119","lang":"en","description":"Memory Corruption"}]}],"affected":[{"vendor":"n/a","product":"HDF5","versions":[{"version":"1.14.6","status":"affected"}],"modules":["h5 File Handler"]}],"descriptions":[{"lang":"en","value":"A vulnerability, which was classified as critical, was found in HDF5 1.14.6. Affected is the function H5SM_delete of the file H5SM.c of the component h5 File Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used."},{"lang":"de","value":"Es wurde eine Schwachstelle in HDF5 1.14.6 gefunden. Sie wurde als kritisch eingestuft. Betroffen hiervon ist die Funktion H5SM_delete der Datei H5SM.c der Komponente h5 File Handler. Durch das Manipulieren mit unbekannten Daten kann eine heap-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Die Komplexität eines Angriffs ist eher hoch. Sie gilt als schwierig auszunutzen. Der Exploit steht zur öffentlichen Verfügung."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":2.3,"vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N","baseSeverity":"LOW"}},{"cvssV3_1":{"version":"3.1","baseScore":5,"vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":5,"vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":5.1,"vectorString":"AV:N/AC:H/Au:N/C:P/I:P/A:P"}}],"timeline":[{"time":"2025-03-10T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2025-03-10T01:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2025-03-21T09:55:45.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"Chen Lihai","type":"finder"},{"lang":"en","value":"Zhang Yuqing","type":"finder"}],"references":[{"url":"https://vuldb.com/?id.299064","name":"VDB-299064 | HDF5 h5 File H5SM.c H5SM_delete heap-based overflow","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.299064","name":"VDB-299064 | CTI Indicators (IOB, IOC, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.510819","name":"Submit #510819 | https://github.com/HDFGroup/hdf5 hfd5 v1.14.6 Heap-based Buffer Overflow","tags":["third-party-advisory"]},{"url":"https://github.com/HDFGroup/hdf5/issues/5329","tags":["issue-tracking"]},{"url":"https://github.com/sae-as-me/Crashes/raw/refs/heads/main/hdf5/h5_extended_crash.h5","tags":["exploit"]}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-03-10T14:18:27.594458Z","id":"CVE-2025-2153","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-05-12T15:35:33.596Z"}}]}}