{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"Critical" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"hdf5 security update", "category":"general", "title":"Synopsis" }, { "text":"An update for hdf5 is now available for openEuler-24.03-LTS", "category":"general", "title":"Summary" }, { "text":"HDF5 is a data model, library, and file format for storing and managing data. It supports an unlimited variety of datatypes, and is designed for flexible and efficient I/O and for high volume and complex data. HDF5 is portable and is extensible, allowing applications to evolve in their use of HDF5. The HDF5 Technology suite includes tools and applications for managing, manipulating, viewing, and analyzing data in the HDF5 format.\n\nSecurity Fix(es):\n\nAn issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer overflow in the function H5FL_blk_malloc in H5FL.c.(CVE-2018-13871)\n\nAn issue was discovered in the HDF HDF5 1.8.20 library. There is an out-of-bounds read in the function H5VM_memcpyvv in H5VM.c.(CVE-2018-13875)\n\nAn issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in the function H5O_pline_reset in H5Opline.c.(CVE-2018-14034)\n\nHDF5 through 1.14.3 contains a heap buffer overflow in H5HG_read, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.(CVE-2024-29157)\n\nHDF5 through 1.14.3 contains a stack buffer overflow in H5FL_arr_malloc, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.(CVE-2024-29158)\n\nHDF5 through 1.14.3 contains a buffer overflow in H5Z__filter_scaleoffset, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.(CVE-2024-29159)\n\nHDF5 through 1.14.3 contains a heap buffer overflow in H5HG__cache_heap_deserialize, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.(CVE-2024-29160)\n\nHDF5 through 1.14.3 contains a heap buffer overflow in H5A__attr_release_table, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.(CVE-2024-29161)\n\nHDF5 through 1.13.3 and/or 1.14.2 contains a stack buffer overflow in H5HG_read, resulting in denial of service or potential code execution.(CVE-2024-29162)\n\nHDF5 through 1.14.3 contains a heap buffer overflow in H5T__bit_find, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.(CVE-2024-29163)\n\nHDF5 through 1.14.3 contains a stack buffer overflow in H5R__decode_heap, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.(CVE-2024-29164)\n\nHDF5 through 1.14.3 contains a buffer overflow in H5Z__filter_fletcher32, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.(CVE-2024-29165)\n\nHDF5 Library through 1.14.3 has a heap-based buffer over-read in H5VM_memcpyvv in H5VM.c (called from H5D__compact_readvv in H5Dcompact.c).(CVE-2024-32605)\n\nHDF5 Library through 1.14.3 has a SEGV in H5A__close in H5Aint.c, resulting in the corruption of the instruction pointer.(CVE-2024-32607)\n\nHDF5 library through 1.14.3 has memory corruption in H5A__close resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.(CVE-2024-32608)\n\nHDF5 Library through 1.14.3 allows stack consumption in the function H5E_printf_stack in H5Eint.c.(CVE-2024-32609)\n\nHDF5 Library through 1.14.3 has a SEGV in H5T_close_real in H5T.c, resulting in a corrupted instruction pointer.(CVE-2024-32610)\n\nHDF5 Library through 1.14.3 may use an uninitialized value in H5A__attr_release_table in H5Aint.c.(CVE-2024-32611)\n\nHDF5 Library through 1.14.3 contains a heap-based buffer over-read in H5HL__fl_deserialize in H5HLcache.c, resulting in the corruption of the instruction pointer, a different vulnerability than CVE-2024-32613.(CVE-2024-32612)\n\nHDF5 Library through 1.14.3 contains a heap-based buffer over-read in the function H5HL__fl_deserialize in H5HLcache.c, a different vulnerability than CVE-2024-32612.(CVE-2024-32613)\n\nHDF5 Library through 1.14.3 has a SEGV in H5VM_memcpyvv in H5VM.c.(CVE-2024-32614)\n\nHDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5Z__nbit_decompress_one_byte in H5Znbit.c, caused by the earlier use of an initialized pointer.(CVE-2024-32615)\n\nHDF5 Library through 1.14.3 contains a heap-based buffer over-read in H5O__dtype_encode_helper in H5Odtype.c.(CVE-2024-32616)\n\nHDF5 Library through 1.14.3 contains a heap-based buffer over-read caused by the unsafe use of strdup in H5MM_xstrdup in H5MM.c (called from H5G__ent_to_link in H5Glink.c).(CVE-2024-32617)\n\nHDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5T__get_native_type in H5Tnative.c, resulting in the corruption of the instruction pointer.(CVE-2024-32618)\n\nHDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5T_copy_reopen in H5T.c, resulting in the corruption of the instruction pointer.(CVE-2024-32619)\n\nHDF5 Library through 1.14.3 contains a heap-based buffer over-read in H5F_addr_decode_len in H5Fint.c, resulting in the corruption of the instruction pointer.(CVE-2024-32620)\n\nHDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5HG_read in H5HG.c (called from H5VL__native_blob_get in H5VLnative_blob.c), resulting in the corruption of the instruction pointer.(CVE-2024-32621)\n\nHDF5 Library through 1.14.3 contains a out-of-bounds read operation in H5FL_arr_malloc in H5FL.c (called from H5S_set_extent_simple in H5S.c).(CVE-2024-32622)\n\nHDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5VM_array_fill in H5VM.c (called from H5S_select_elements in H5Spoint.c).(CVE-2024-32623)\n\nHDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5T__ref_mem_setnull in H5Tref.c (called from H5T__conv_ref in H5Tconv.c), resulting in the corruption of the instruction pointer.(CVE-2024-32624)\n\nHDF5 Library through 1.14.3 has a heap-based buffer overflow in H5D__scatter_mem in H5Dscatgath.c.(CVE-2024-33873)\n\nHDF5 Library through 1.14.3 has a heap buffer overflow in H5O__mtime_new_encode in H5Omtime.c.(CVE-2024-33874)\n\nHDF5 Library through 1.14.3 has a heap-based buffer overflow in H5O__layout_encode in H5Olayout.c, resulting in the corruption of the instruction pointer.(CVE-2024-33875)\n\nHDF5 Library through 1.14.3 has a heap buffer overflow in H5S__point_deserialize in H5Spoint.c.(CVE-2024-33876)\n\nHDF5 Library through 1.14.3 has a heap-based buffer overflow in H5T__conv_struct_opt in H5Tconv.c.(CVE-2024-33877)", "category":"general", "title":"Description" }, { "text":"An update for hdf5 is now available for master/openEuler-20.03-LTS-SP4/openEuler-22.03-LTS-SP1/openEuler-22.03-LTS-SP3/openEuler-22.03-LTS-SP4/openEuler-24.03-LTS/openEuler-24.03-LTS-Next.\n\nopenEuler Security has rated this update as having a security impact of critical. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"Critical", "category":"general", "title":"Severity" }, { "text":"hdf5", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2024-2340", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2340" }, { "summary":"CVE-2018-13871", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2018-13871&packageName=hdf5" }, { "summary":"CVE-2018-13875", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2018-13875&packageName=hdf5" }, { "summary":"CVE-2018-14034", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2018-14034&packageName=hdf5" }, { "summary":"CVE-2024-29157", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-29157&packageName=hdf5" }, { "summary":"CVE-2024-29158", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-29158&packageName=hdf5" }, { "summary":"CVE-2024-29159", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-29159&packageName=hdf5" }, { "summary":"CVE-2024-29160", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-29160&packageName=hdf5" }, { "summary":"CVE-2024-29161", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-29161&packageName=hdf5" }, { "summary":"CVE-2024-29162", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-29162&packageName=hdf5" }, { "summary":"CVE-2024-29163", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-29163&packageName=hdf5" }, { "summary":"CVE-2024-29164", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-29164&packageName=hdf5" }, { "summary":"CVE-2024-29165", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-29165&packageName=hdf5" }, { "summary":"CVE-2024-32605", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-32605&packageName=hdf5" }, { "summary":"CVE-2024-32607", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-32607&packageName=hdf5" }, { "summary":"CVE-2024-32608", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-32608&packageName=hdf5" }, { "summary":"CVE-2024-32609", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-32609&packageName=hdf5" }, { "summary":"CVE-2024-32610", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-32610&packageName=hdf5" }, { "summary":"CVE-2024-32611", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-32611&packageName=hdf5" }, { "summary":"CVE-2024-32612", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-32612&packageName=hdf5" }, { "summary":"CVE-2024-32613", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-32613&packageName=hdf5" }, { "summary":"CVE-2024-32614", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-32614&packageName=hdf5" }, { "summary":"CVE-2024-32615", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-32615&packageName=hdf5" }, { "summary":"CVE-2024-32616", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-32616&packageName=hdf5" }, { "summary":"CVE-2024-32617", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-32617&packageName=hdf5" }, { "summary":"CVE-2024-32618", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-32618&packageName=hdf5" }, { "summary":"CVE-2024-32619", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-32619&packageName=hdf5" }, { "summary":"CVE-2024-32620", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-32620&packageName=hdf5" }, { "summary":"CVE-2024-32621", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-32621&packageName=hdf5" }, { "summary":"CVE-2024-32622", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-32622&packageName=hdf5" }, { "summary":"CVE-2024-32623", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-32623&packageName=hdf5" }, { "summary":"CVE-2024-32624", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-32624&packageName=hdf5" }, { "summary":"CVE-2024-33873", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-33873&packageName=hdf5" }, { "summary":"CVE-2024-33874", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-33874&packageName=hdf5" }, { "summary":"CVE-2024-33875", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-33875&packageName=hdf5" }, { "summary":"CVE-2024-33876", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-33876&packageName=hdf5" }, { "summary":"CVE-2024-33877", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-33877&packageName=hdf5" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2018-13871" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2018-13875" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14034" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-29157" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-29158" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-29159" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-29160" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-29161" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-29162" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-29163" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-29164" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-29165" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-32605" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-32607" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-32608" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-32609" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-32610" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-32611" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-32612" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-32613" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-32614" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-32615" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-32616" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-32617" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-32618" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-32619" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-32620" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-32621" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-32622" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-32623" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-32624" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-33873" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-33874" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-33875" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-33876" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-33877" }, { "summary":"openEuler-SA-2024-2340 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openeuler-sa-2024-2340.json" } ], "title":"An update for hdf5 is now available for openEuler-24.03-LTS", "tracking":{ "initial_release_date":"2024-11-08T23:09:39+08:00", "revision_history":[ { "date":"2024-11-08T23:09:39+08:00", "summary":"Initial", "number":"1.0.0" } ], "generator":{ "date":"2024-11-08T23:09:39+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2024-11-08T23:09:39+08:00", "id":"openEuler-SA-2024-2340", "version":"1.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"openEuler-24.03-LTS", "name":"openEuler-24.03-LTS" }, "name":"openEuler-24.03-LTS", "category":"product_version" } ], "category":"product_name" }, { "name":"aarch64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"hdf5-1.14.5-1.oe2403.aarch64.rpm", "name":"hdf5-1.14.5-1.oe2403.aarch64.rpm" }, "name":"hdf5-1.14.5-1.oe2403.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"hdf5-debuginfo-1.14.5-1.oe2403.aarch64.rpm", "name":"hdf5-debuginfo-1.14.5-1.oe2403.aarch64.rpm" }, "name":"hdf5-debuginfo-1.14.5-1.oe2403.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"hdf5-debugsource-1.14.5-1.oe2403.aarch64.rpm", "name":"hdf5-debugsource-1.14.5-1.oe2403.aarch64.rpm" }, "name":"hdf5-debugsource-1.14.5-1.oe2403.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"hdf5-devel-1.14.5-1.oe2403.aarch64.rpm", "name":"hdf5-devel-1.14.5-1.oe2403.aarch64.rpm" }, "name":"hdf5-devel-1.14.5-1.oe2403.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"hdf5-mpich-1.14.5-1.oe2403.aarch64.rpm", "name":"hdf5-mpich-1.14.5-1.oe2403.aarch64.rpm" }, "name":"hdf5-mpich-1.14.5-1.oe2403.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"hdf5-mpich-devel-1.14.5-1.oe2403.aarch64.rpm", "name":"hdf5-mpich-devel-1.14.5-1.oe2403.aarch64.rpm" }, "name":"hdf5-mpich-devel-1.14.5-1.oe2403.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"hdf5-mpich-static-1.14.5-1.oe2403.aarch64.rpm", "name":"hdf5-mpich-static-1.14.5-1.oe2403.aarch64.rpm" }, "name":"hdf5-mpich-static-1.14.5-1.oe2403.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"hdf5-openmpi-1.14.5-1.oe2403.aarch64.rpm", "name":"hdf5-openmpi-1.14.5-1.oe2403.aarch64.rpm" }, "name":"hdf5-openmpi-1.14.5-1.oe2403.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64.rpm", "name":"hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64.rpm" }, "name":"hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"hdf5-openmpi-static-1.14.5-1.oe2403.aarch64.rpm", "name":"hdf5-openmpi-static-1.14.5-1.oe2403.aarch64.rpm" }, "name":"hdf5-openmpi-static-1.14.5-1.oe2403.aarch64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"hdf5-1.14.5-1.oe2403.src.rpm", "name":"hdf5-1.14.5-1.oe2403.src.rpm" }, "name":"hdf5-1.14.5-1.oe2403.src.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"hdf5-1.14.5-1.oe2403.x86_64.rpm", "name":"hdf5-1.14.5-1.oe2403.x86_64.rpm" }, "name":"hdf5-1.14.5-1.oe2403.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"hdf5-debuginfo-1.14.5-1.oe2403.x86_64.rpm", "name":"hdf5-debuginfo-1.14.5-1.oe2403.x86_64.rpm" }, "name":"hdf5-debuginfo-1.14.5-1.oe2403.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"hdf5-debugsource-1.14.5-1.oe2403.x86_64.rpm", "name":"hdf5-debugsource-1.14.5-1.oe2403.x86_64.rpm" }, "name":"hdf5-debugsource-1.14.5-1.oe2403.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"hdf5-devel-1.14.5-1.oe2403.x86_64.rpm", "name":"hdf5-devel-1.14.5-1.oe2403.x86_64.rpm" }, "name":"hdf5-devel-1.14.5-1.oe2403.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"hdf5-mpich-1.14.5-1.oe2403.x86_64.rpm", "name":"hdf5-mpich-1.14.5-1.oe2403.x86_64.rpm" }, "name":"hdf5-mpich-1.14.5-1.oe2403.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"hdf5-mpich-devel-1.14.5-1.oe2403.x86_64.rpm", "name":"hdf5-mpich-devel-1.14.5-1.oe2403.x86_64.rpm" }, "name":"hdf5-mpich-devel-1.14.5-1.oe2403.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"hdf5-mpich-static-1.14.5-1.oe2403.x86_64.rpm", "name":"hdf5-mpich-static-1.14.5-1.oe2403.x86_64.rpm" }, "name":"hdf5-mpich-static-1.14.5-1.oe2403.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"hdf5-openmpi-1.14.5-1.oe2403.x86_64.rpm", "name":"hdf5-openmpi-1.14.5-1.oe2403.x86_64.rpm" }, "name":"hdf5-openmpi-1.14.5-1.oe2403.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64.rpm", "name":"hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64.rpm" }, "name":"hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"hdf5-openmpi-static-1.14.5-1.oe2403.x86_64.rpm", "name":"hdf5-openmpi-static-1.14.5-1.oe2403.x86_64.rpm" }, "name":"hdf5-openmpi-static-1.14.5-1.oe2403.x86_64.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"hdf5-1.14.5-1.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "name":"hdf5-1.14.5-1.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"hdf5-debuginfo-1.14.5-1.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "name":"hdf5-debuginfo-1.14.5-1.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"hdf5-debugsource-1.14.5-1.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "name":"hdf5-debugsource-1.14.5-1.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"hdf5-devel-1.14.5-1.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "name":"hdf5-devel-1.14.5-1.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"hdf5-mpich-1.14.5-1.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "name":"hdf5-mpich-1.14.5-1.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"hdf5-mpich-devel-1.14.5-1.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "name":"hdf5-mpich-devel-1.14.5-1.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"hdf5-mpich-static-1.14.5-1.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "name":"hdf5-mpich-static-1.14.5-1.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"hdf5-openmpi-1.14.5-1.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "name":"hdf5-openmpi-1.14.5-1.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "name":"hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"hdf5-openmpi-static-1.14.5-1.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "name":"hdf5-openmpi-static-1.14.5-1.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"hdf5-1.14.5-1.oe2403.src.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "name":"hdf5-1.14.5-1.oe2403.src as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"hdf5-1.14.5-1.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "name":"hdf5-1.14.5-1.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"hdf5-debuginfo-1.14.5-1.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "name":"hdf5-debuginfo-1.14.5-1.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"hdf5-debugsource-1.14.5-1.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "name":"hdf5-debugsource-1.14.5-1.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"hdf5-devel-1.14.5-1.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "name":"hdf5-devel-1.14.5-1.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"hdf5-mpich-1.14.5-1.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "name":"hdf5-mpich-1.14.5-1.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"hdf5-mpich-devel-1.14.5-1.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "name":"hdf5-mpich-devel-1.14.5-1.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"hdf5-mpich-static-1.14.5-1.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "name":"hdf5-mpich-static-1.14.5-1.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"hdf5-openmpi-1.14.5-1.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "name":"hdf5-openmpi-1.14.5-1.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "name":"hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"hdf5-openmpi-static-1.14.5-1.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64", "name":"hdf5-openmpi-static-1.14.5-1.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2018-13871", "notes":[ { "text":"An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer overflow in the function H5FL_blk_malloc in H5FL.c.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ], "details":"hdf5 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2340" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"CRITICAL", "baseScore":9.8, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ] } ], "threats":[ { "details":"Critical", "category":"impact" } ], "title":"CVE-2018-13871" }, { "cve":"CVE-2018-13875", "notes":[ { "text":"An issue was discovered in the HDF HDF5 1.8.20 library. There is an out-of-bounds read in the function H5VM_memcpyvv in H5VM.c.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ], "details":"hdf5 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2340" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2018-13875" }, { "cve":"CVE-2018-14034", "notes":[ { "text":"An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in the function H5O_pline_reset in H5Opline.c.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ], "details":"hdf5 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2340" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":8.8, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2018-14034" }, { "cve":"CVE-2024-29157", "notes":[ { "text":"HDF5 through 1.14.3 contains a heap buffer overflow in H5HG_read, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ], "details":"hdf5 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2340" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"CRITICAL", "baseScore":9.8, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ] } ], "threats":[ { "details":"Critical", "category":"impact" } ], "title":"CVE-2024-29157" }, { "cve":"CVE-2024-29158", "notes":[ { "text":"HDF5 through 1.14.3 contains a stack buffer overflow in H5FL_arr_malloc, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ], "details":"hdf5 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2340" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.4, "vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2024-29158" }, { "cve":"CVE-2024-29159", "notes":[ { "text":"HDF5 through 1.14.3 contains a buffer overflow in H5Z__filter_scaleoffset, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ], "details":"hdf5 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2340" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"CRITICAL", "baseScore":9.8, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ] } ], "threats":[ { "details":"Critical", "category":"impact" } ], "title":"CVE-2024-29159" }, { "cve":"CVE-2024-29160", "notes":[ { "text":"HDF5 through 1.14.3 contains a heap buffer overflow in H5HG__cache_heap_deserialize, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ], "details":"hdf5 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2340" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.4, "vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2024-29160" }, { "cve":"CVE-2024-29161", "notes":[ { "text":"HDF5 through 1.14.3 contains a heap buffer overflow in H5A__attr_release_table, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ], "details":"hdf5 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2340" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":8.8, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2024-29161" }, { "cve":"CVE-2024-29162", "notes":[ { "text":"HDF5 through 1.13.3 and/or 1.14.2 contains a stack buffer overflow in H5HG_read, resulting in denial of service or potential code execution.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ], "details":"hdf5 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2340" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.4, "vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2024-29162" }, { "cve":"CVE-2024-29163", "notes":[ { "text":"HDF5 through 1.14.3 contains a heap buffer overflow in H5T__bit_find, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ], "details":"hdf5 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2340" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.4, "vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2024-29163" }, { "cve":"CVE-2024-29164", "notes":[ { "text":"HDF5 through 1.14.3 contains a stack buffer overflow in H5R__decode_heap, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ], "details":"hdf5 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2340" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"CRITICAL", "baseScore":9.8, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ] } ], "threats":[ { "details":"Critical", "category":"impact" } ], "title":"CVE-2024-29164" }, { "cve":"CVE-2024-29165", "notes":[ { "text":"HDF5 through 1.14.3 contains a buffer overflow in H5Z__filter_fletcher32, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ], "details":"hdf5 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2340" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.4, "vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2024-29165" }, { "cve":"CVE-2024-32605", "notes":[ { "text":"HDF5 Library through 1.14.3 has a heap-based buffer over-read in H5VM_memcpyvv in H5VM.c (called from H5D__compact_readvv in H5Dcompact.c).", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ], "details":"hdf5 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2340" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":8.8, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2024-32605" }, { "cve":"CVE-2024-32607", "notes":[ { "text":"HDF5 Library through 1.14.3 has a SEGV in H5A__close in H5Aint.c, resulting in the corruption of the instruction pointer.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ], "details":"hdf5 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2340" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.7, "vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-32607" }, { "cve":"CVE-2024-32608", "notes":[ { "text":"HDF5 library through 1.14.3 has memory corruption in H5A__close resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ], "details":"hdf5 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2340" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"CRITICAL", "baseScore":9.8, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ] } ], "threats":[ { "details":"Critical", "category":"impact" } ], "title":"CVE-2024-32608" }, { "cve":"CVE-2024-32609", "notes":[ { "text":"HDF5 Library through 1.14.3 allows stack consumption in the function H5E_printf_stack in H5Eint.c.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ], "details":"hdf5 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2340" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.5, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2024-32609" }, { "cve":"CVE-2024-32610", "notes":[ { "text":"HDF5 Library through 1.14.3 has a SEGV in H5T_close_real in H5T.c, resulting in a corrupted instruction pointer.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ], "details":"hdf5 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2340" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.7, "vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-32610" }, { "cve":"CVE-2024-32611", "notes":[ { "text":"HDF5 Library through 1.14.3 may use an uninitialized value in H5A__attr_release_table in H5Aint.c.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ], "details":"hdf5 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2340" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"CRITICAL", "baseScore":9.8, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ] } ], "threats":[ { "details":"Critical", "category":"impact" } ], "title":"CVE-2024-32611" }, { "cve":"CVE-2024-32612", "notes":[ { "text":"HDF5 Library through 1.14.3 contains a heap-based buffer over-read in H5HL__fl_deserialize in H5HLcache.c, resulting in the corruption of the instruction pointer, a different vulnerability than CVE-2024-32613.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ], "details":"hdf5 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2340" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.4, "vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2024-32612" }, { "cve":"CVE-2024-32613", "notes":[ { "text":"HDF5 Library through 1.14.3 contains a heap-based buffer over-read in the function H5HL__fl_deserialize in H5HLcache.c, a different vulnerability than CVE-2024-32612.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ], "details":"hdf5 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2340" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.4, "vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2024-32613" }, { "cve":"CVE-2024-32614", "notes":[ { "text":"HDF5 Library through 1.14.3 has a SEGV in H5VM_memcpyvv in H5VM.c.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ], "details":"hdf5 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2340" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":8.8, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2024-32614" }, { "cve":"CVE-2024-32615", "notes":[ { "text":"HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5Z__nbit_decompress_one_byte in H5Znbit.c, caused by the earlier use of an initialized pointer.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ], "details":"hdf5 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2340" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"CRITICAL", "baseScore":9.8, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ] } ], "threats":[ { "details":"Critical", "category":"impact" } ], "title":"CVE-2024-32615" }, { "cve":"CVE-2024-32616", "notes":[ { "text":"HDF5 Library through 1.14.3 contains a heap-based buffer over-read in H5O__dtype_encode_helper in H5Odtype.c.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ], "details":"hdf5 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2340" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.4, "vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2024-32616" }, { "cve":"CVE-2024-32617", "notes":[ { "text":"HDF5 Library through 1.14.3 contains a heap-based buffer over-read caused by the unsafe use of strdup in H5MM_xstrdup in H5MM.c (called from H5G__ent_to_link in H5Glink.c).", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ], "details":"hdf5 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2340" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":8.8, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2024-32617" }, { "cve":"CVE-2024-32618", "notes":[ { "text":"HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5T__get_native_type in H5Tnative.c, resulting in the corruption of the instruction pointer.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ], "details":"hdf5 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2340" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.4, "vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2024-32618" }, { "cve":"CVE-2024-32619", "notes":[ { "text":"HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5T_copy_reopen in H5T.c, resulting in the corruption of the instruction pointer.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ], "details":"hdf5 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2340" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.4, "vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2024-32619" }, { "cve":"CVE-2024-32620", "notes":[ { "text":"HDF5 Library through 1.14.3 contains a heap-based buffer over-read in H5F_addr_decode_len in H5Fint.c, resulting in the corruption of the instruction pointer.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ], "details":"hdf5 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2340" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.4, "vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2024-32620" }, { "cve":"CVE-2024-32621", "notes":[ { "text":"HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5HG_read in H5HG.c (called from H5VL__native_blob_get in H5VLnative_blob.c), resulting in the corruption of the instruction pointer.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ], "details":"hdf5 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2340" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"CRITICAL", "baseScore":9.8, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ] } ], "threats":[ { "details":"Critical", "category":"impact" } ], "title":"CVE-2024-32621" }, { "cve":"CVE-2024-32622", "notes":[ { "text":"HDF5 Library through 1.14.3 contains a out-of-bounds read operation in H5FL_arr_malloc in H5FL.c (called from H5S_set_extent_simple in H5S.c).", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ], "details":"hdf5 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2340" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"CRITICAL", "baseScore":9.1, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ] } ], "threats":[ { "details":"Critical", "category":"impact" } ], "title":"CVE-2024-32622" }, { "cve":"CVE-2024-32623", "notes":[ { "text":"HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5VM_array_fill in H5VM.c (called from H5S_select_elements in H5Spoint.c).", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ], "details":"hdf5 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2340" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":8.8, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2024-32623" }, { "cve":"CVE-2024-32624", "notes":[ { "text":"HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5T__ref_mem_setnull in H5Tref.c (called from H5T__conv_ref in H5Tconv.c), resulting in the corruption of the instruction pointer.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ], "details":"hdf5 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2340" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.4, "vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2024-32624" }, { "cve":"CVE-2024-33873", "notes":[ { "text":"HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5D__scatter_mem in H5Dscatgath.c.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ], "details":"hdf5 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2340" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":8.8, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2024-33873" }, { "cve":"CVE-2024-33874", "notes":[ { "text":"HDF5 Library through 1.14.3 has a heap buffer overflow in H5O__mtime_new_encode in H5Omtime.c.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ], "details":"hdf5 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2340" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"CRITICAL", "baseScore":9.8, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ] } ], "threats":[ { "details":"Critical", "category":"impact" } ], "title":"CVE-2024-33874" }, { "cve":"CVE-2024-33875", "notes":[ { "text":"HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5O__layout_encode in H5Olayout.c, resulting in the corruption of the instruction pointer.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ], "details":"hdf5 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2340" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.7, "vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-33875" }, { "cve":"CVE-2024-33876", "notes":[ { "text":"HDF5 Library through 1.14.3 has a heap buffer overflow in H5S__point_deserialize in H5Spoint.c.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ], "details":"hdf5 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2340" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.7, "vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-33876" }, { "cve":"CVE-2024-33877", "notes":[ { "text":"HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5T__conv_struct_opt in H5Tconv.c.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ], "details":"hdf5 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2340" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":8.8, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.aarch64", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.src", "openEuler-24.03-LTS:hdf5-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debuginfo-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-debugsource-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-mpich-static-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-devel-1.14.5-1.oe2403.x86_64", "openEuler-24.03-LTS:hdf5-openmpi-static-1.14.5-1.oe2403.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2024-33877" } ] }