Adds a release note for PR #2210 (CVE-2019-8396) (#2247)

* Adds a release note for PR #2210 (CVE-2019-8396)

* Capitalization issue fixed
Dana Robinson 2022-11-09 17:03:55 -08:00 committed by GitHub
parent d93c6fae43
commit a8942c7413
GPG Key ID: 4AEE18F83AFDEB23

@ -89,6 +89,17 @@ New Features
Library:
--------
- Fix for CVE-2019-8396
Malformed HDF5 files may have truncated content which does not match
the expected size. When H5O__pline_decode() attempts to decode these it
may read past the end of the allocated space leading to heap overflows
as bounds checking is incomplete.
The fix ensures each element is within bounds before reading.
(2022/11/09 - HDFFV-10712, CVE-2019-8396, GitHub #2209)
- Removal of memory allocation sanity checks feature
This feature added heap canaries and statistics tracking for internal
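Review bot: The "Fix for CVE-2019-8396" entry is added at the top of the Library list that the hunk header places under "New Features", directly above the "Removal of memory allocation sanity checks feature" item. A security fix reads more naturally in the bug-fix section of the release notes, where users scanning for CVE remediations will look first, so consider moving it there. On wording, "may read past the end of the allocated space leading to heap overflows" describes an out-of-bounds read, so "heap buffer over-read" would be more precise than "heap overflows". The reference line cites GitHub #2209 while the commit subject names PR #2210; listing both the issue and the fixing PR would let readers trace the note to the actual code change in H5O__pline_decode().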