diff options
| author | Binh-Minh Ribler <bmribler@hdfgroup.org> | 2020-07-22 21:13:26 (GMT) |
|---|---|---|
| committer | Binh-Minh Ribler <bmribler@hdfgroup.org> | 2020-07-22 21:13:26 (GMT) |
| commit | 88e458ac435340f327f252b82ad9b6c1c1f4f618 (patch) | |
| tree | 814e9c406e62246e0117602083eeb091f382078a /release_docs | |
| parent | 9d3ea366d4bf3278e8260f4d5cdcc88cb4b61c56 (diff) | |
| download | hdf5-88e458ac435340f327f252b82ad9b6c1c1f4f618.zip hdf5-88e458ac435340f327f252b82ad9b6c1c1f4f618.tar.gz hdf5-88e458ac435340f327f252b82ad9b6c1c1f4f618.tar.bz2 | |
Fix HDFFV-11120 and HDFFV-11121 (CVE-2018-13870 and CVE-2018-13869)
Description:
When a buffer overflow occurred because a name length was corrupted
and became very large, h5dump produced a segfault on one file and a
memcpy parameter overlap on another file. This commit added checks
that detect a read pass the end of the buffer to prevent these error
conditions.
Platforms tested:
Linux/64 (jelly)
SunOS 5.11 (emu)
Diffstat (limited to 'release_docs')
| -rw-r--r-- | release_docs/RELEASE.txt | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/release_docs/RELEASE.txt b/release_docs/RELEASE.txt index 84f339a..ba8eabe 100644 --- a/release_docs/RELEASE.txt +++ b/release_docs/RELEASE.txt @@ -656,6 +656,17 @@ Bug Fixes since HDF5-1.10.3 release Library ------- + - Fixed issues CVE-2018-13870 and CVE-2018-13869 + + When a buffer overflow occurred because a name length was corrupted + and became very large, h5dump crashed on memory access violation. + + A check for reading pass the end of the buffer was added to multiple + locations to prevent the crashes and h5dump now simply fails with an + error message when this error condition occurs. + + (BMR - 2020/7/22, HDFFV-11120 and HDFFV-11121) + - Fixed the segmentation fault when reading attributes with multiple threads It was reported that the reading of attributes with variable length string |