author | Binh-Minh Ribler <bmribler@hdfgroup.org> | 2020-08-03 17:48:58 (GMT) |
---|---|---|
committer | Binh-Minh Ribler <bmribler@hdfgroup.org> | 2020-08-03 17:48:58 (GMT) |
commit | 068fc878c39a37c0b3865cb6cd01eb57f4dbde74 (patch) | |
tree | 47776aa2f192e9db42f62bf969f404eb5e7c0787 /release_docs/RELEASE.txt | |
parent | 7a80f551a69ce6e9a98c0b8704204617ceb7a114 (diff) | |
Fix HDFFV-11120 and HDFFV-11121 (CVE-2018-13870 and CVE-2018-13869)
Description:
When a buffer overflow occurred because a name length was corrupted
and became very large, h5dump produced a segfault on one file and a
memcpy parameter overlap on another file. This commit added checks
that detect a read past the end of the buffer to prevent these error
conditions.
Platforms tested:
Linux/64 (jelly)
Diffstat (limited to 'release_docs/RELEASE.txt')
-rw-r--r-- | release_docs/RELEASE.txt | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/release_docs/RELEASE.txt b/release_docs/RELEASE.txt index 82446ab..8a86b82 100644 --- a/release_docs/RELEASE.txt +++ b/release_docs/RELEASE.txt @@ -342,6 +342,17 @@ Bug Fixes since HDF5-1.10.5 release Library ------- + - Fixed issues CVE-2018-13870 and CVE-2018-13869 + + When a buffer overflow occurred because a name length was corrupted + and became very large, h5dump crashed on memory access violation. + + A check for reading pass the end of the buffer was added to multiple + locations to prevent the crashes and h5dump now simply fails with an + error message when this error condition occurs. + + (BMR - 2020/7/31, HDFFV-11120 and HDFFV-11121) + - Fixed the segmentation fault when reading attributes with multiple threads It was reported that the reading of attributes with variable length string |
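Review bot: The added entry says the check was added "to multiple locations" but names neither the functions or files touched nor which name length field is involved, so someone tracking CVE-2018-13870 and CVE-2018-13869 cannot tell from the release notes what is now covered; suggest naming the affected decode routines. In the second paragraph, "reading pass the end of the buffer" should be "reading past the end of the buffer". The first paragraph also reads as if the overflow was caused by the corruption in general; it would be clearer to say that a corrupted, very large name length led to a read beyond the end of the buffer, matching the commit description, which distinguishes a segfault on one file from a memcpy parameter overlap on another.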