HDF5 Heap-Based Use-After-Free Vulnerability in Memory Management Function

Vulnerability

A heap use-after-free has been identified in the HDF5 library in versions through 1.14.6. The defect is in the H5FL__blk_gc_list function in src/H5FL.c, part of the library's free-list memory manager (H5FL), which garbage-collects a block free list. During that collection the function touches a block that has already been returned to the allocator, so memory that may since have been reused is read as if it were still a live list entry. The result is a read of freed memory and, in practice, an application crash. Exploitation requires local access: the attacker has to get an affected library to process an HDF5 file they control.

Impact

According to the GitHub advisory, the heap use-after-free can cause a segmentation fault and could allow arbitrary code execution. What the reproduction below actually demonstrates is the crash, reported by AddressSanitizer as a heap-use-after-free; code execution is the advisory's assessment of the worst case, not a demonstrated result.

Reproduction

To reproduce, build the HDF5 library with Clang and AddressSanitizer enabled (-fsanitize=address), then compile the h5_extended_fuzzer harness against the instrumented library and run it on the specific input file that triggers the bug. That input file is attached to the GitHub issue discussing the vulnerability. ASan should flag the access to freed memory as a heap-use-after-free with H5FL__blk_gc_list in the reported stack; a sanitizer report of a different class, or one that does not pass through that function, is not a reproduction of this issue.
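
The procedure above as a runnable script. This is an added example, not code from the original page or from the HDF5 project: it builds a static libhdf5 with clang and ASan, compiles the h5_extended_fuzzer harness against it, runs the PoC, and checks the sanitizer output for a heap-use-after-free whose stack contains H5FL__blk_gc_list. Assumed and not stated on the page: the HDF5 source is checked out in ./hdf5, the harness source saved from the GitHub issue as h5_extended_fuzzer.c takes the input path as its first argument, the PoC path is passed as the script's argument, and the CMake option set shown. The sanitizer excerpt in demo_classifier is constructed, not a captured report.

```shell
#!/usr/bin/env bash
# Added example (not the HDF5 project's build recipe). Assumptions: HDF5 source
# in ./hdf5, fuzzer source from the GitHub issue saved as ./h5_extended_fuzzer.c
# and taking the input file as argv[1], PoC path passed as $1 of this script.
set -eu

SRC="${HDF5_SRC:-./hdf5}"            # HDF5 1.14.x checkout (assumed location)
BUILD="${HDF5_BUILD:-./build-asan}"   # out-of-tree CMake build directory
ASAN_FLAGS="-fsanitize=address -fno-omit-frame-pointer -g -O1"

# Configure and build a static libhdf5 with clang + ASan. Tools, tests,
# examples and zlib are switched off only to keep the final link line simple.
build_hdf5_asan() {
    CC=clang CFLAGS="$ASAN_FLAGS" LDFLAGS="-fsanitize=address" \
    cmake -S "$SRC" -B "$BUILD" \
        -DCMAKE_BUILD_TYPE=RelWithDebInfo \
        -DBUILD_SHARED_LIBS=OFF \
        -DBUILD_TESTING=OFF \
        -DHDF5_BUILD_TOOLS=OFF \
        -DHDF5_BUILD_EXAMPLES=OFF \
        -DHDF5_ENABLE_Z_LIB_SUPPORT=OFF
    cmake --build "$BUILD" -j"${JOBS:-4}"
}

# Compile the harness against the sanitized library. The generated
# H5pubconf.h lives in $BUILD/src, the public headers in $SRC/src.
build_fuzzer() {
    clang $ASAN_FLAGS -o h5_extended_fuzzer h5_extended_fuzzer.c \
        -I"$BUILD/src" -I"$SRC/src" "$BUILD"/bin/libhdf5*.a -lm -ldl -lpthread
}

# Run the PoC and keep the sanitizer report. abort_on_error makes the failure
# visible to the shell; leak detection is noise for this issue.
run_poc() {
    poc="$1"; log="${2:-asan.log}"
    set +e
    ASAN_OPTIONS=abort_on_error=1:detect_leaks=0 ./h5_extended_fuzzer "$poc" >"$log" 2>&1
    set -e
    is_uaf_report "$log"
}

# Exit 0 only for an ASan heap-use-after-free whose stack names the advisory's
# function. Checking both avoids accepting an unrelated sanitizer finding.
is_uaf_report() {
    grep -q 'ERROR: AddressSanitizer: heap-use-after-free' "$1" &&
    grep -q 'in H5FL__blk_gc_list' "$1"
}

# Constructed, abbreviated excerpt (not a real report) so the classifier can
# be exercised without building HDF5.
demo_classifier() {
    tmp="$(mktemp)"
    cat >"$tmp" <<'EOF'
==4242==ERROR: AddressSanitizer: heap-use-after-free on address 0x6020000000d0
READ of size 8 at 0x6020000000d0 thread T0
    #0 0x4f1a2b in H5FL__blk_gc_list src/H5FL.c
EOF
    if is_uaf_report "$tmp"; then rc=0; else rc=1; fi
    rm -f "$tmp"
    return "$rc"
}

main() {
    build_hdf5_asan
    build_fuzzer
    if run_poc "$1" asan.log; then
        echo "reproduced: heap-use-after-free in H5FL__blk_gc_list (see asan.log)"
    else
        echo "no matching sanitizer report; inspect asan.log" >&2
        return 1
    fi
}

if [ "$#" -ge 1 ]; then
    main "$1"
else
    demo_classifier && echo "classifier ok on constructed sample; pass a PoC path to reproduce"
fi
```

Run it as `bash repro.sh /path/to/poc-from-issue.h5`. Without an argument it only exercises the report classifier on the constructed excerpt, which is useful for checking the script before spending the time on an instrumented HDF5 build.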

Remediation

Users are advised to update to HDF5 version 2.0.0 or later, where this vulnerability has been addressed. All releases up to and including 1.14.6 are affected, so until the upgrade is in place an affected library should not be used to open HDF5 files from untrusted sources.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 5.4
impact: 2.5
exploitability: 6.0
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.