PYSEC-2021-888

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/gdal/PYSEC-2021-888.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2021-888

Aliases

CVE-2019-25050

Published

2021-07-20T07:15:00Z

Modified

2024-11-21T14:57:32.273602Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

netCDF in GDAL 2.4.2 through 3.0.4 has a stack-based buffer overflow in nc4getatt (called from nc4getatttc and ncgetatttext) and in uffd_cleanup (called from netCDFDataset::~netCDFDataset and netCDFDataset::~netCDFDataset).

References

Affected packages

PyPI / gdal

Package

Name: gdal; View open source insights on deps.dev
Purl: pkg:pypi/gdal

Affected ranges

Type: GIT
Repo: https://github.com/OSGeo/gdal
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

767e3a56144f676ca738ef8f700e0e56035bd05a

Fixed

27b9bf644bcf1208f7d6594bdd104cc8a8bb0646

Type: ECOSYSTEM
Events: Introduced

2.4.2

Fixed

3.1.0

Affected versions

2.*

2.4.2

2.4.3

2.4.4

3.*

3.0.0

3.0.1

3.0.2

3.0.3

3.0.4

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/gdal/PYSEC-2021-888.yaml"