Merge pull request #2711 in HDFFV/hdf5 from bmr-HDFFV-11120 to develop

Fix HDFFV-11120 and HDFFV-11121 (CVE-2018-13870 and CVE-2018-13869)

* commit '707e30c6be1954c0027374124207e46caae68cbc':
  Fixed typos in error messages.
  Fix HDFFV-11120 and HDFFV-11121 (CVE-2018-13870 and CVE-2018-13869)
Binh-Minh Ribler
2020-07-28 19:08:19 -05:00
2 changed files with 29 additions and 1 deletions

@@ -656,6 +656,17 @@ Bug Fixes since HDF5-1.10.3 release
Library
-------
- Fixed issues CVE-2018-13870 and CVE-2018-13869
When a buffer overflow occurred because a name length was corrupted
and became very large, h5dump crashed on memory access violation.
A check for reading pass the end of the buffer was added to multiple
locations to prevent the crashes and h5dump now simply fails with an
error message when this error condition occurs.
(BMR - 2020/7/22, HDFFV-11120 and HDFFV-11121)
- Fixed the segmentation fault when reading attributes with multiple threads
It was reported that the reading of attributes with variable length string
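Review bot: The new CVE-2018-13870 / CVE-2018-13869 entry says the check was added to "multiple locations" without naming them, so a reader of the release notes cannot tell which decode paths are now bounds-checked; consider naming the affected functions or source files. In the same entry, "reading pass the end of the buffer" should be "reading past the end of the buffer". The entry sits under "Library" but describes only h5dump as crashing and now failing with an error; if the check lives in the library, it would help to say that any application opening such a file now gets an error return instead of a memory access violation. Finally, "When a buffer overflow occurred because a name length was corrupted" reads as if the overflow still happens; wording such as "a corrupted name length could cause a read beyond the end of the buffer" would describe the pre-fix behaviour more precisely.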