author | Egbert Eich <eich@suse.com> | 2022-11-11 05:24:56 (GMT) |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-11-11 05:24:56 (GMT) |
commit | 1750b4b0af5158009aa2f861c65fb4bf8fc364de (patch) | |
tree | 9a9c42da178803b882a03a6602efd9c48a112c23 /release_docs | |
parent | 659bc99fd139e16fdf47b31b635f158b72e3f5a4 (diff) | |
download | hdf5-1750b4b0af5158009aa2f861c65fb4bf8fc364de.zip hdf5-1750b4b0af5158009aa2f861c65fb4bf8fc364de.tar.gz hdf5-1750b4b0af5158009aa2f861c65fb4bf8fc364de.tar.bz2 |
Validate location (offset) of the accumulated metadata when comparing (#2231)
Initially, the accumulated metadata location is initialized to HADDR_UNDEF
- the highest available address. Bogus input files may provide a location
or size matching this value. Comparing this address against such bogus
values may provide false positives. This makes sure the value has been
initialized or fails the comparison early and lets other parts of the
code deal with the bogus address/size.
Note: To avoid unnecessary checks, we have assumed that if the 'dirty'
member in the same structure is true the location is valid.
This fixes CVE-2018-13867 / Bug #2230.
Signed-off-by: Egbert Eich <eich@suse.com>
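The false positive the commit message describes, shown as an added C example (not HDF5 code and not part of this commit). `struct accum`, `touches_unchecked` and `touches_checked` are hypothetical simplifications, and `haddr_t` is assumed to be a 64-bit unsigned address.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef uint64_t haddr_t;                 /* assumption: 64-bit file address */
#define HADDR_UNDEF ((haddr_t)UINT64_MAX) /* sentinel: the highest available address */

/* Hypothetical, simplified stand-in for the metadata accumulator state. */
struct accum {
    haddr_t  loc;   /* file offset of the accumulated metadata; HADDR_UNDEF until set */
    uint64_t size;  /* number of bytes currently accumulated */
    bool     dirty; /* true only after data has been placed in the accumulator */
};

/* Before: does the request [addr, addr+size) overlap or adjoin the accumulator?
 * Nothing checks that a->loc was ever initialized. */
static bool touches_unchecked(const struct accum *a, haddr_t addr, uint64_t size)
{
    bool overlap = addr < a->loc + a->size && a->loc < addr + size;
    return overlap || addr + size == a->loc || a->loc + a->size == addr;
}

/* After: an undefined location can never match, so fail the comparison early
 * and leave the bogus address/size to later validation. */
static bool touches_checked(const struct accum *a, haddr_t addr, uint64_t size)
{
    if (a->loc == HADDR_UNDEF)
        return false;
    return touches_unchecked(a, addr, size);
}

int main(void)
{
    struct accum fresh = { HADDR_UNDEF, 0, false }; /* nothing accumulated yet */

    /* Constructed bogus request, such as a malformed file could supply:
     * addr + size lands exactly on the sentinel value. */
    haddr_t  addr = HADDR_UNDEF - 4096;
    uint64_t size = 4096;

    printf("unchecked: %d\n", touches_unchecked(&fresh, addr, size));
    printf("checked:   %d\n", touches_checked(&fresh, addr, size));
    return 0;
}
```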
Diffstat (limited to 'release_docs')
-rw-r--r-- | release_docs/RELEASE.txt | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/release_docs/RELEASE.txt b/release_docs/RELEASE.txt index bc04d93..a8e9011 100644 --- a/release_docs/RELEASE.txt +++ b/release_docs/RELEASE.txt @@ -172,6 +172,21 @@ Bug Fixes since HDF5-1.13.3 release =================================== Library ------- + - Fix CVE-2018-13867 / GHSA-j8jr-chrh-qfrf + + Validate location (offset) of the accumulated metadata when comparing. + + Initially, the accumulated metadata location is initialized to HADDR_UNDEF + - the highest available address. Bogus input files may provide a location + or size matching this value. Comparing this address against such bogus + values may provide false positives. Thus make sure, the value has been + initialized or fail the comparison early and let other parts of the + code deal with the bogus address/size. + Note: To avoid unnecessary checks, it is assumed that if the 'dirty' + member in the same structure is true the location is valid. + + (EFE - 2022/10/10 GH-2230) + - Fix CVE-2021-45830 / GHSA-5h2h-fjjr-x9m2 Make H5O__fsinfo_decode() more resilient to out-of-bound reads. |
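Review bot: In the new RELEASE.txt entry, the continuation line "- the highest available address." begins with a dash at the paragraph indent, so in a file that uses "- " to open each entry it reads as a separate list item; fold the aside into the previous line in parentheses instead. The sentence "Thus make sure, the value has been initialized or fail the comparison early" is also hard to parse and would read better as "Make sure the value has been initialized, or fail the comparison early". Finally, the entry never names the function or source file where the check was added, whereas the CVE-2021-45830 entry directly below names H5O__fsinfo_decode(); naming it here would let readers map the CVE to the affected code.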