Diffstat (limited to 'release_docs')
-rw-r--r-- | release_docs/RELEASE.txt | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/release_docs/RELEASE.txt b/release_docs/RELEASE.txt index 40b9175..396629c 100644 --- a/release_docs/RELEASE.txt +++ b/release_docs/RELEASE.txt @@ -924,6 +924,24 @@ Bug Fixes since HDF5-1.12.0 release =================================== Library ------- + - Fixed an invalid read and memory leak when parsing corrupt file space + info messages + + When the corrupt file from CVE-2020-10810 was parsed by the library, + the code that imports the version 0 file space info object header + message to the version 1 struct could read past the buffer read from + the disk, causing an invalid memory read. Not catching this error would + cause downstream errors that eventually resulted in a previously + allocated buffer to be unfreed when the library shut down. In builds + where the free lists are in use, this could result in an infinite loop + and SIGABRT when the library shuts down. + + We now track the buffer size and raise an error on attempts to read + past the end of it. + + (DER - 2021/08/12, HDFFV-11053) + + - Fixed CVE-2018-14460 The tool h5repack produced a segfault when the rank in dataspace |
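Review bot: The new entry's heading line ("Fixed an invalid read and memory leak when parsing corrupt file space info messages") leaves CVE-2020-10810 to the body text, while the entry right after it is headed "Fixed CVE-2018-14460"; put the CVE id in the heading as well so that a search of RELEASE.txt for the CVE lands on the summary line. In the first paragraph, "resulted in a previously allocated buffer to be unfreed" reads better as "resulted in a previously allocated buffer not being freed". The closing paragraph says the buffer size is now tracked and an error is raised on reads past the end; consider adding one sentence on what a caller sees when opening such a file, since the text describes the old symptoms (invalid read, leak, infinite loop and SIGABRT at shutdown) but not the new user-visible outcome.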