This archive contains answers to questions sent to Unidata support through mid-2025. Note that the archive is no longer being updated. We provide the archive for reference; many of the answers presented here remain technically correct, even if somewhat outdated. For the most up-to-date information on the use of NSF Unidata software and data services, please consult the Software Documentation first.
> The CDF library (cdf.gsfc.nasa.gov) has been updated to close a
> possible buffer overflow security vulnerability on reads. Have the
> netCDF code bases been checked for similar security holes? What
> security reviews have you performed? Recommended packages to use? We
> have taken the format translation service
> (cdf.gsfc.nasa.gov/html/dtws.html) offline for safety, and would like
> to update it soon with safer codes (CDF, HDF, netCDF, FITS). Thanx
>
> Robert Candey, Head of CDF project
> --
> address@hidden 1-301-286-6707
> NASA Goddard Space Flight Center, Code 672
> Greenbelt MD 20771 USA
>
> The contents of this message are mine personally and do not reflect any position of the US Government or NASA.

Howdy Robert!

As far as I know, the netcdf code base has never been scanned for such security holes, but my co-worker Russ will correct me if I am wrong there.

Since it is free source, of course such a review could be done by anyone. Unfortunately I am unaware of what such a security review should look for.

Did you do such a review for the CDF library? Did you do it yourself or did some outside group do it? Any information about your process would be most welcome.

Thanks,

Ed

Ticket Details
===================
Ticket ID: BDF-181549
Department: Support netCDF
Priority: Normal
Status: Closed