Security vulnerabilities and automated fixes for netcdf issues
1 post found
A critical buffer overflow vulnerability was discovered and patched in the NetCDF Operators (NCO) library, specifically in the filter string construction loop within `nco_flt.c`. The flaw stemmed from repeated use of `strcat()` and `sprintf()` without any bounds checking, allowing an attacker to supply crafted filter specifications that overflow a fixed-size buffer and corrupt adjacent memory. The fix replaces these unsafe calls with bounds-aware `snprintf()` invocations that track the current w