HDF5
cpe:2.3:a:hdfgroup:hdf5:*:*:*:*:*:*:*
- <= 1.14.6
A heap-based buffer overflow vulnerability has been identified in the HDF5 library, specifically in versions through 1.14.6. The issue arises in the H5FS__sinfo_serialize_sect_cb function within the file src/H5FScache.c. The vulnerability is triggered by improper handling of the 'sect' argument, leading to an out-of-bounds write operation. This flaw requires local access to exploit and can cause a crash of the application.
Exploitation of this vulnerability leads to a heap-based buffer overflow, allowing for memory corruption and potential arbitrary code execution.
The vulnerability can be reproduced by compiling HDF5 with AddressSanitizer enabled, using Clang as the compiler. After building the library, a fuzzer can be created to target the H5FS__sinfo_serialize_sect_cb function. This fuzzer should write crafted data into a temporary file, which is then opened with HDF5's file handling functions. The manipulation of the 'sect' argument during this process triggers the buffer overflow. The proof-of-concept fuzzer is available for download.
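As an added practitioner check (not part of this advisory, and not the HDF Group's code): a POSIX shell script that reports whether the installed HDF5 falls in the affected range (through 1.14.6) so hosts can be triaged before rebuilding or upgrading. The pkg-config module name `hdf5` and the `HDF5 Version:` line of `h5cc -showconfig` are assumptions about the installation.

```shell
#!/bin/sh
# Added example (not part of the advisory): flag an installed HDF5 whose
# version is <= 1.14.6, the range this advisory marks as affected.
# Assumptions: pkg-config module "hdf5" and the "HDF5 Version:" line
# printed by `h5cc -showconfig` describe the installed library.

AFFECTED_MAX="1.14.6"

# Return 0 (true) when version $1 is <= version $2, comparing the first
# three numeric fields; packaging suffixes such as "-2" or "-pre1" are ignored.
version_le() {
    a=$(printf '%s' "$1" | sed 's/[^0-9.].*//')
    b=$(printf '%s' "$2" | sed 's/[^0-9.].*//')
    i=1
    while [ "$i" -le 3 ]; do
        x=$(printf '%s' "$a" | cut -d. -f"$i"); x=${x:-0}
        y=$(printf '%s' "$b" | cut -d. -f"$i"); y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
        i=$((i + 1))
    done
    return 0
}

# 0 if the given HDF5 version is within the affected range, 1 otherwise.
hdf5_is_affected() {
    version_le "$1" "$AFFECTED_MAX"
}

# Best-effort discovery of the installed version (empty string if unknown).
installed_hdf5_version() {
    v=$(pkg-config --modversion hdf5 2>/dev/null) && { printf '%s' "$v"; return; }
    v=$(h5cc -showconfig 2>/dev/null | sed -n 's/^ *HDF5 Version: *//p')
    [ -n "$v" ] && { printf '%s' "$v"; return; }
    printf ''
}

main() {
    v=$(installed_hdf5_version)
    if [ -z "$v" ]; then echo "HDF5 not found; nothing to check"; return 0; fi
    if hdf5_is_affected "$v"; then
        echo "HDF5 $v is in the affected range (<= $AFFECTED_MAX)"; return 2
    fi
    echo "HDF5 $v is outside the affected range"
}

main "$@"
```

Exit status 2 marks an affected host, which makes the script usable from a fleet-wide inventory job.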