Submit #519966: https://github.com/HDFGroup/hdf5 hdf5 v1.14.6 Heap-based Buffer Overflow

Title: https://github.com/HDFGroup/hdf5 hdf5 v1.14.6 Heap-based Buffer Overflow

Description: A heap-buffer-overflow vulnerability was discovered in the H5O_msg_flush function within the HDF5 Library. This issue occurs when processing certain files, leading to an out-of-bounds write and potential application crash. The vulnerability arises in the H5O_msg_flush function defined in src/H5Omessage.c at line 1912. The function fails to properly check the buffer boundaries, resulting in a write operation beyond the allocated memory. If the following crash is used, on the third call to H5O_msg_flush, oh->version is set to 1, which makes the value of H5O_SIZEOF_MSGHDR_OH(oh) equal to 8. Therefore, p points to the first 8 bytes of mesg->raw, which exceeds the allocated buffer and writes 1 byte of data. That is, the program did not perform sufficient boundary checks when calculating the message header pointer. Due to the improper handling of the relative positional relationship between the calculation result of H5O_SIZEOF_MSGHDR_OH(oh) and the buffer pointed to by mesg->raw, an out-of-bounds pointer write occurred.

Source: https://github.com/HDFGroup/hdf5/issues/5370
User: Anonymous User
Submission: 03/13/2025 03:41 PM (3 months ago)
Moderation: 03/28/2025 12:01 PM (15 days later)
Status: Accepted
VulDB Entry: 301885 [HDF5 up to 1.14.6 src/H5Omessage.c H5O_msg_flush oh heap-based overflow]
Points: 20
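
The missing boundary check described above, sketched as an added example (not code from the HDF5 project or from the submission). It assumes the header pointer is derived by stepping back the header size from the message body; `chunk_t`, `mesg_t`, `msghdr_size`, `checked_msghdr_ptr` and `flush_msg` are hypothetical names, and only the 8-byte header size for version 1 comes from the report.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-ins (assumptions), not HDF5's own structures. */
typedef struct {
    uint8_t *image; /* heap buffer holding the encoded messages */
    size_t   size;  /* allocated size of that buffer */
} chunk_t;

typedef struct {
    size_t raw_off;  /* offset of the message body ("raw") in image */
    size_t raw_size; /* length of the message body */
} mesg_t;

/* Version 1 header size is 8 bytes, as the report states. The value for
 * other versions is a placeholder assumption for this model. */
static size_t msghdr_size(unsigned version) { return version == 1 ? 8 : 4; }

/* Return raw - header size only when header and body both lie inside the
 * buffer; NULL otherwise. Offsets avoid forming out-of-range pointers. */
static uint8_t *checked_msghdr_ptr(const chunk_t *c, const mesg_t *m, unsigned version)
{
    size_t hdr = msghdr_size(version);
    if (m->raw_off < hdr) return NULL;  /* header would start before the buffer */
    if (m->raw_off > c->size) return NULL; /* body starts past the end */
    if (m->raw_size > c->size - m->raw_off) return NULL; /* body runs past the end */
    return c->image + (m->raw_off - hdr);
}

/* Flush model: write the first header byte, refusing inconsistent geometry. */
static int flush_msg(chunk_t *c, const mesg_t *m, unsigned version, uint8_t type_id)
{
    uint8_t *p = checked_msghdr_ptr(c, m, version);
    if (p == NULL) return -1;
    *p = type_id;
    return 0;
}

int main(void)
{
    uint8_t buf[32] = {0};            /* constructed sample buffer */
    chunk_t c = { buf, sizeof buf };
    mesg_t good = { 8, 16 }, bad = { 4, 8 }; /* constructed sample messages */
    printf("good: %d\n", flush_msg(&c, &good, 1, 0x0c));
    printf("bad:  %d\n", flush_msg(&c, &bad, 1, 0x0c));
    return 0;
}
```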
