LiveActive security incident?Get immediate response
CVE Record

CVE-2020-18494: Buffer Overflow vulnerability in function H5S_close in H5S.c in HDF5 1.10.4 allows remote attackers to run...

Buffer Overflow vulnerability in function H5S_close in H5S.c in HDF5 1.10.4 allows remote attackers to run arbitrary code via creation of crafted file.

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysisunknown

Security readout for executives and security teams

Plain-English summary

This CVE describes a memory-safety flaw in HDF5 1.10.4 when handling a crafted file. If an exposed service processes attacker-supplied HDF5 files, the reported impact is arbitrary code execution. The source bundle lacks severity scoring, affected product mapping, and patch guidance.

Executive priority

Prioritize exposure discovery first. The potential impact is serious because arbitrary code execution is reported, but urgency cannot be scored from the supplied sources without affected product mapping, CVSS, patch status, or exploitation evidence.

Technical view

The CVE record describes a buffer overflow in H5S_close in H5S.c in HDF5 1.10.4, triggered by a crafted file and potentially allowing arbitrary code execution. Public metadata does not include CVSS, CWE, affected CPEs, patch version, or vendor advisory details.

Likely exposure

Exposure is most plausible where HDF5 1.10.4 parses untrusted or user-supplied HDF5 files, including upload, analytics, research, ML, or conversion pipelines. The bundle does not identify downstream products, CPEs, or distribution-specific affected packages.

Exploitation context

The bundle indicates KEV status is false and provides no cited evidence of active exploitation. The main public reference appears to be a GitHub proof-of-concept repository path, but the prompt provides no verified exploitability details beyond crafted-file triggering.

Researcher notes

Evidence is sparse. The CVE ties the issue to HDF5 1.10.4 and H5S_close, with crafted-file input as the trigger. Researchers should avoid assuming broader version ranges or active exploitation without vendor, maintainer, or distribution confirmation.

Mitigation direction

  • Inventory systems and applications using HDF5 1.10.4 or embedded HDF5 libraries.
  • Check official HDF5 or package maintainer guidance for fixed versions or backports.
  • Restrict processing of untrusted HDF5 files until exposure is understood.
  • Sandbox or isolate file parsing jobs that handle external datasets.
  • Monitor file-processing services for crashes or abnormal parser failures.

Validation and detection

  • Confirm HDF5 library versions in deployed applications and containers.
  • Identify workflows that accept HDF5 files from external users or partners.
  • Review dependency manifests for direct or bundled HDF5 1.10.4 usage.
  • Check logs for crashes around HDF5 file parsing paths.
  • Validate remediation against vendor or distribution package metadata.
Prepared
Confidence
medium
Sources
3

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

description · low confidence lookup

Execution behavior lookup

The CVE wording references code or command execution, so execution technique review may help defensive triage. This is a Glexia inferred lookup path, not an official MITRE, ATT&CK, or CVE Program mapping.

Open ATT&CK lookup
cve · low confidence lookup

CVE-2020-18494 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
0Timeline events
0ADP providers
2Source links

CVSS and timeline data

No CVSS vectors or timeline events were available in the normalized CVE source material.

Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
n/an/an/aListed
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.