{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-29043", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-03T17:50:11.242Z", "datePublished": "2026-04-10T15:35:51.682Z", "dateUpdated": "2026-04-14T14:50:46.566Z"}, "containers": {"cna": {"title": "HDF5 H5T__ref_mem_setnull Heap Buffer Overflow", "problemTypes": [{"descriptions": [{"cweId": "CWE-122", "lang": "en", "description": "CWE-122: Heap-based Buffer Overflow", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/HDFGroup/hdf5/security/advisories/GHSA-qm2m-5g5w-2277", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/HDFGroup/hdf5/security/advisories/GHSA-qm2m-5g5w-2277"}], "affected": [{"vendor": "HDFGroup", "product": "hdf5", "versions": [{"version": "<= 1.14.1-2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-10T15:35:51.682Z"}, "descriptions": [{"lang": "en", "value": "HDF5 is software for managing data. In 1.14.1-2 and earlier, an attacker who can control an h5 file parsed by HDF5 can trigger a write-based heap buffer overflow condition in the H5T__ref_mem_setnull method. This can lead to a denial-of-service condition, and potentially further issues such as remote code execution depending on the practical exploitability of the heap overflow against modern operating systems."}], "source": {"advisory": "GHSA-qm2m-5g5w-2277", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-14T14:50:10.348494Z", "id": "CVE-2026-29043", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T14:50:46.566Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-29043", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-14T14:50:10.348494Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T14:50:42.601Z"}}], "cna": {"title": "HDF5 H5T__ref_mem_setnull Heap Buffer Overflow", "source": {"advisory": "GHSA-qm2m-5g5w-2277", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "HDFGroup", "product": "hdf5", "versions": [{"status": "affected", "version": "<= 1.14.1-2"}]}], "references": [{"url": "https://github.com/HDFGroup/hdf5/security/advisories/GHSA-qm2m-5g5w-2277", "name": "https://github.com/HDFGroup/hdf5/security/advisories/GHSA-qm2m-5g5w-2277", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "HDF5 is software for managing data. In 1.14.1-2 and earlier, an attacker who can control an h5 file parsed by HDF5 can trigger a write-based heap buffer overflow condition in the H5T__ref_mem_setnull method. This can lead to a denial-of-service condition, and potentially further issues such as remote code execution depending on the practical exploitability of the heap overflow against modern operating systems."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-10T15:35:51.682Z"}}}, "cveMetadata": {"cveId": "CVE-2026-29043", "state": "PUBLISHED", "dateUpdated": "2026-04-14T14:50:46.566Z", "dateReserved": "2026-03-03T17:50:11.242Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-10T15:35:51.682Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hdfgroup:hdf5:*:*:*:*:*:*:*:*", "matchCriteriaId": "B31207D0-FC14-4CA5-89E2-F4223AD53DD5", "versionEndIncluding": "1.14.1-2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "HDF5 is software for managing data. In 1.14.1-2 and earlier, an attacker who can control an h5 file parsed by HDF5 can trigger a write-based heap buffer overflow condition in the H5T__ref_mem_setnull method. This can lead to a denial-of-service condition, and potentially further issues such as remote code execution depending on the practical exploitability of the heap overflow against modern operating systems."}], "id": "CVE-2026-29043", "lastModified": "2026-04-16T19:40:13.963", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-10T16:16:30.693", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/HDFGroup/hdf5/security/advisories/GHSA-qm2m-5g5w-2277"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "HDF5: HDF5: Remote code execution and denial of service via heap buffer overflow in H5T__ref_mem_setnull", "id": "2457327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457327"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-787", "details": ["A flaw was found in HDF5, a software for managing data. An attacker who can control a specially crafted HDF5 (.h5) file can trigger a write-based heap buffer overflow in the H5T__ref_mem_setnull method when the file is parsed. This vulnerability can lead to a denial-of-service condition, and potentially allow for remote code execution depending on the exploitability of the heap overflow against modern operating systems."], "name": "CVE-2026-29043", "package_state": [{"cpe": "cpe:/a:redhat:enterprise_linux_ai:3", "fix_state": "Not affected", "package_name": "hdf5", "product_name": "Red Hat Enterprise Linux AI (RHEL AI) 3"}], "public_date": "2026-04-10T15:35:51Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-29043\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-29043\nhttps://github.com/HDFGroup/hdf5/security/advisories/GHSA-qm2m-5g5w-2277"], "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.14.1-2]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "hdf5", "source": "cna", "vendor": "HDFGroup"}, "product": "hdf5", "vendor": "hdfgroup"}], "analysis": {"en": {"generated_at": "2026-04-13T14:20:40.899002+00:00", "value": {"mitigation_remediation": ["Upgrade HDF5 to a version newer than 1.14.1-2.", "Confirm the installed version with package information or HDF5 utilities.", "Restrict parsing of untrusted HDF5 files until the upgrade or run the service in a sandboxed environment."], "summary": {"action": "Apply Upgrade", "impact": "Denial of Service and potential Remote Code Execution"}, "threat_synthesis": {"affected_systems": "All installations of the HDFGroup HDF5 library running version 1.14.1\u20112 or earlier are vulnerable. This includes any application that parses or loads user\u2011supplied HDF5 files, such as scientific computing, data analytics, and other data\u2011processing workloads that rely on HDF5.", "description_and_impact": "HDF5, versions 1.14.1-2 and earlier, have a heap buffer overflow in the H5T__ref_mem_setnull function. A crafted HDF5 file can trigger this overflow when processed, causing a denial\u2011of\u2011service condition and potentially allowing an attacker to execute code depending on how the overflow is exploited on the target operating system. The weakness originates from writing beyond a heap allocation while setting reference memory to null.", "risk_and_exploitability": "The CVSS score of 5.5 indicates a moderate severity, while the EPSS of less than 1% suggests a low likelihood of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. An attacker would need to supply the vulnerable program with a malicious HDF5 file; successful exploitation could result in denial of service or, under certain conditions, remote code execution. No official workaround is documented, so patching is the recommended defense."}}}}, "created": "2026-04-13T12:44:46.014778+00:00", "updated": "2026-04-13T14:27:07.584427+00:00", "vendors": ["hdfgroup", "hdfgroup$PRODUCT$hdf5"]}