| 제목 | https://github.com/HDFGroup/hdf5 hfd5 v1.14.6 Heap-based Buffer Overflow |
|---|
| 설명 | A heap-buffer-overflow vulnerability was discovered in the H5O_msg_flush function within the HDF5 Library. This issue occurs when processing certain files, leading to an out-of-bounds write and potential application crash.
The vulnerability arises in the H5O_msg_flush function defined in src/H5Omessage.c at line 1912. The function fails to properly check the buffer boundaries, resulting in a write operation beyond the allocated memory.
If the following crash is used, on the third call to H5O-msg-flush, oh ->version is set to 1, which makes the value of H5O-SIZEOF-MSGHDR-OH (oh) equal to 8. Therefore, p points to the first 8 bytes of mesg ->raw, which exceeds the allocated buffer and writes 1 byte of data.
That is, the program did not perform sufficient boundary checks when calculating the message header pointer. Due to the improper handling of the relative positional relationship between the calculation result of H5OZIEOF-MSGHDR-OH (oh) and the buffer pointed to by mesg ->raw, pointer out of bounds writing occurred. |
|---|
| 원천 | ⚠️ https://github.com/HDFGroup/hdf5/issues/5370 |
|---|
| 사용자 | Anonymous User |
|---|
| 제출 | 2025. 03. 13. PM 03:41 (1 년도 ago) |
|---|
| 모더레이션 | 2025. 03. 28. PM 12:01 (15 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 301885 [HDF5 까지 1.14.6 src/H5Omessage.c H5O_msg_flush oh 메모리 손상] |
|---|
| 포인트들 | 20 |
|---|