CVE-2024-7765

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Mar 20, 2025

Updated: Apr 1, 2025

CWE ID 409

Summary

CVE-2024-7765 is a denial-of-service vulnerability affecting h2oai's h2o-3 version 3.46.0.2. By uploading and parsing a large GZIP file repeatedly, an attacker can cause memory exhaustion and make the server unresponsive. The severity stems from the software's inability to handle highly compressed data properly, resulting in significant data amplification. This issue could lead to a large number of concurrent slow-running jobs, ultimately impacting the availability and performance of the affected system.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

h2oai h2o-3

Affected Vendors

H2O.ai

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/xusst_
https://www.cve.org/CVERecord?id=CVE-2024-7765
https://nvd.nist.gov/vuln/detail/CVE-2024-7765

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Measuring the US-China AI Gap

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting

Know What Matters

For Customers

For Partners