[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[netCDF #BDF-181549]: security vulnerability checking

This archive contains answers to questions sent to Unidata support through mid-2025. Note that the archive is no longer being updated. We provide the archive for reference; many of the answers presented here remain technically correct, even if somewhat outdated. For the most up-to-date information on the use of NSF Unidata software and data services, please consult the Software Documentation first.

  • Subject: [netCDF #BDF-181549]: security vulnerability checking
  • Date: Wed, 14 May 2008 07:38:03 -0600
> The CDF library (cdf.gsfc.nasa.gov) has been updated to close a
> possible buffer overflow security vulnerability on reads. Have the
> netCDF code bases been checked for similar security holes? What
> security reviews have you performed? Recommended packages to use? We
> have taken the format translation service
> (cdf.gsfc.nasa.gov/html/dtws.html) offline for safety, and would like
> to update it soon with safer codes (CDF, HDF, netCDF, FITS). Thanx
>
> Robert Candey, Head of CDF project
> --
> address@hidden           1-301-286-6707
> NASA Goddard Space Flight Center, Code 672
> Greenbelt MD 20771 USA
>
> The contents of this message are mine personally and do not reflect any
position of the US Government or NASA.
>
>

Howdy Robert!

As far as I know, the netcdf code base has never been scanned for such security
holes, but my co-worker Russ will correct me if I am wrong there.

Since it is free source, of course such a review could be done by anyone.
Unfortunately I am unaware of what such a security review should look for.

Did you do such a review for the CDF library? Did you do it yourself or did
some outside group do it? Any information about your process would be most
welcome.

Thanks,

Ed

Ticket Details
===================
Ticket ID: BDF-181549
Department: Support netCDF
Priority: Normal
Status: Closed