Add release note for CVE-2017-17507 (#4275)

Dana Robinson 2024-03-28 12:08:05 -07:00 committed by GitHub
parent c3d1c7c0ab
commit e908accadf
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

@ -693,6 +693,19 @@ Bug Fixes since HDF5-1.14.0 release
Library
-------
- Fixed CVE-2017-17507
This CVE was previously declared fixed, but later testing with a static
build of HDF5 showed that it was not fixed.
When parsing a malformed (fuzzed) compound type containing variable-length
string members, the library could produce a segmentation fault, crashing
the library.
This was fixed after GitHub PR #4234
Fixes GitHub issue #3446
- Fixed a cache assert with very large metadata objects
If the library tries to load a metadata object that is above a
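Review bot: The CVE-2017-17507 entry says "This CVE was previously declared fixed, but later testing with a static build of HDF5 showed that it was not fixed" without naming the release whose notes carried the earlier claim, so a reader cannot tell which versions they believed were patched are still affected; please name that release. In the same entry, "This was fixed after GitHub PR #4234" is ambiguous about whether PR #4234 contains the fix or only precedes it; if the PR is the fix, "Fixed in GitHub PR #4234" reads more clearly. Finally, "could produce a segmentation fault, crashing the library" would be more accurate as crashing the application, since a segmentation fault terminates the calling process rather than only the library.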