1188521 – (CVE-2019-25050) VUL-1: CVE-2019-25050: gdal: stack-based buffer overflow in nc4_get_att

Bug 1188521 (CVE-2019-25050) - VUL-1: CVE-2019-25050: gdal: stack-based buffer overflow in nc4_get_att

Summary: VUL-1: CVE-2019-25050: gdal: stack-based buffer overflow in nc4_get_att

Status:	RESOLVED FIXED

Alias:	CVE-2019-25050

Product:	openSUSE Distribution
Classification:	openSUSE
Component:	Basesystem (show other bugs)
Version:	Leap 15.2
Hardware:	Other Other

Priority:	P4 - Low Severity: Minor (vote)
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/304606/
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2021-07-20 14:16 UTC by Alexander Bergmann
Modified:	2021-07-20 15:08 UTC (History)
CC List:	2 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alexander Bergmann 2021-07-20 14:16:56 UTC

CVE-2019-25050

netCDF in GDAL 2.4.2 through 3.0.4 has a stack-based buffer overflow in
nc4_get_att (called from nc4_get_att_tc and nc_get_att_text) and in uffd_cleanup
(called from netCDFDataset::~netCDFDataset and netCDFDataset::~netCDFDataset).

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-25050
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15143
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15156
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/gdal/OSV-2020-420.yaml
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/gdal/OSV-2020-392.yaml
https://github.com/OSGeo/gdal/commit/27b9bf644bcf1208f7d6594bdd104cc8a8bb0646
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-25050
https://github.com/OSGeo/gdal/commit/767e3a56144f676ca738ef8f700e0e56035bd05a

Comment 1 Wolfgang Frisch 2021-07-20 15:08:47 UTC

openSUSE:Factory    Already Fixed
openSUSE:Leap:15.2  Already Fixed