summaryrefslogtreecommitdiffstats
path: root/release_docs
diff options
context:
space:
mode:
authorEgbert Eich <eich@suse.com>2022-12-02 20:24:14 (GMT)
committerGitHub <noreply@github.com>2022-12-02 20:24:14 (GMT)
commit24700e8f0607e9a3782c843528e2c5a892d4d6f6 (patch)
treecf12df8269a0ba0f384921b257c0d7d36dcb6a12 /release_docs
parent88b24c258b8d938ab19eb015d019162bd66d5be6 (diff)
downloadhdf5-24700e8f0607e9a3782c843528e2c5a892d4d6f6.zip
hdf5-24700e8f0607e9a3782c843528e2c5a892d4d6f6.tar.gz
hdf5-24700e8f0607e9a3782c843528e2c5a892d4d6f6.tar.bz2
CVE 2021 46242 develop (#2255)
* When evicting driver info block, NULL the corresponding entry Since H5C_expunge_entry() called (from H5AC_expunge_entry()) sets the flag H5C__FLUSH_INVALIDATE_FLAG, the driver info block will be freed. NULLing the pointer in f->shared->drvinfo will prevent use-after-free when it is used in other functions (like H5F__dest()) - as other places will check whether the pointer is initialized before using its value. This fixes CVE-2021-46242 / Bug #2254 Signed-off-by: Egbert Eich <eich@suse.com> * When evicting the superblock, NULL the corresponding entry The call to H5AC_expunge_entry() will free the corresonding structure, to avoid a use-after-free, the corrsponding pointer entry will be NULLed. Signed-off-by: Egbert Eich <eich@suse.com> Signed-off-by: Egbert Eich <eich@suse.com>
Diffstat (limited to 'release_docs')
-rw-r--r--release_docs/RELEASE.txt12
1 files changed, 12 insertions, 0 deletions
diff --git a/release_docs/RELEASE.txt b/release_docs/RELEASE.txt
index 8709686..c71c4fa 100644
--- a/release_docs/RELEASE.txt
+++ b/release_docs/RELEASE.txt
@@ -172,6 +172,18 @@ Bug Fixes since HDF5-1.13.3 release
===================================
Library
-------
+ - Fix CVE-2021-46242 / GHSA-x9pw-hh7v-wjpf
+
+ When evicting driver info block, NULL the corresponding entry.
+
+ Since H5C_expunge_entry() called (from H5AC_expunge_entry()) sets the flag
+ H5C__FLUSH_INVALIDATE_FLAG, the driver info block will be freed. NULLing
+ the pointer in f->shared->drvinfo will prevent use-after-free when it is
+ used in other functions (like H5F__dest()) - as other places will check
+ whether the pointer is initialized before using its value.
+
+ (EFE - 2022/09/29 GH-2254)
+
- Fix CVE-2018-13867 / GHSA-j8jr-chrh-qfrf
Validate location (offset) of the accumulated metadata when comparing.