HDF5 Heap-Based Buffer Overflow Vulnerability in Type Conversion Logic

A critical heap-based buffer overflow vulnerability has been identified in HDF5 version 1.14.6. This issue arises in the 'H5T__bit_copy' function within the type conversion logic, where the library improperly handles data copying, leading to a memory corruption vulnerability. Local access is required to exploit this vulnerability, which has been publicly disclosed and is available as a proof-of-concept exploit.

Impact

Exploitation of this vulnerability causes a heap-based buffer overflow, which can lead to memory corruption, application crashes, and potentially allow for arbitrary code execution.

Reproduction

The vulnerability can be reproduced by compiling HDF5 with AddressSanitizer enabled, using Clang as the compiler. After building the library, the 'h5dump' tool can be used to process a crafted file that triggers the buffer overflow. The AddressSanitizer will report the heap-buffer-overflow error, indicating that the vulnerability has been successfully exploited.

Remediation

The vendor plans to address this vulnerability in an upcoming release.