Skip to content

Commit

Permalink
Add release note for CVE-2017-17507 (#4275)
Browse files Browse the repository at this point in the history
  • Loading branch information
derobins authored Mar 28, 2024
1 parent c3d1c7c commit e908acc
Showing 1 changed file with 13 additions and 0 deletions.
13 changes: 13 additions & 0 deletions release_docs/RELEASE.txt
Original file line number Diff line number Diff line change
Expand Up @@ -693,6 +693,19 @@ Bug Fixes since HDF5-1.14.0 release

Library
-------
- Fixed CVE-2017-17507

This CVE was previously declared fixed, but later testing with a static
build of HDF5 showed that it was not fixed.

When parsing a malformed (fuzzed) compound type containing variable-length
string members, the library could produce a segmentation fault, crashing
the library.

This was fixed after GitHub PR #4234

Fixes GitHub issue #3446

- Fixed a cache assert with very large metadata objects

If the library tries to load a metadata object that is above a
Expand Down

0 comments on commit e908acc

Please sign in to comment.