Fluid Attacks Database

Description

In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF driver allows code execution via a stack-based buffer overflow. It reads a geometry attribute into a fixed-size stack buffer without validating the attribute length. The attacker embeds the exploit as an oversized geometry attribute in a crafted NetCDF file. This achieves arbitrary code execution on the server running GDAL. This is in frmts/netcdf/netcdfsg.cpp.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	gdal	=3.10.0+dfsg-1 \|\| =3.10.0+dfsg-1~exp1 \|\| =3.10.0~beta1+dfsg-1~exp1 \|\| =3.10.0~rc1+dfsg-1~exp1 \|\| =3.10.0~rc2+dfsg-1~exp1 \|\| =3.10.0~rc3+dfsg-1~exp1 \|\| =3.10.1+dfsg-1 \|\| =3.10.1~rc1+dfsg-1~exp1 \|\| =3.10.1~rc2+dfsg-1~exp1 \|\| =3.10.2+dfsg-1 \|\| =3.10.2~rc1+dfsg-1~exp1 \|\| =3.10.3+dfsg-1 \|\| =3.10.3+dfsg-2 \|\| =3.10.3~rc1+dfsg-1~exp1 \|\| =3.11.0+dfsg-1~exp1 \|\| =3.11.0~beta1+dfsg-1~exp1 \|\| =3.11.0~beta1+dfsg-1~exp2 \|\| =3.11.0~rc1+dfsg-1~exp1 \|\| =3.11.0~rc1+dfsg-1~exp2 \|\| =3.11.0~rc2+dfsg-1~exp1 \|\| =3.11.1+dfsg-1~exp1 \|\| =3.11.1~rc1+dfsg-1~exp1 \|\| =3.11.1~rc2+dfsg-1~exp1 \|\| =3.11.2+dfsg-1~exp1 \|\| =3.11.2~rc1+dfsg-1~exp1 \|\| =3.11.2~rc2+dfsg-1~exp1 \|\| =3.11.3+dfsg-1 \|\| =3.11.3+dfsg-1~exp1 \|\| =3.11.3+dfsg-1~exp2 \|\| =3.11.4+dfsg-1 \|\| =3.11.4~rc1+dfsg-1~exp1 \|\| =3.12.0+dfsg-1 \|\| =3.12.0+dfsg-1~exp1 \|\| =3.12.0~beta1+dfsg-1~exp1 \|\| =3.12.0~rc1+dfsg-1~exp1 \|\| =3.12.1+dfsg-1 \|\| =3.12.1~rc1+dfsg-1~exp1 \|\| =3.12.2+dfsg-1 \|\| =3.12.2~rc1+dfsg-1~exp1 \|\| =3.12.3+dfsg-1 \|\| =3.12.3~rc1+dfsg-1~exp1 \|\| =3.12.3~rc2+dfsg-1~exp1 \|\| =3.13.0+dfsg-1 \|\| =3.13.0+dfsg-1~exp1 \|\| =3.13.0~beta1+dfsg-1~exp1 \|\| =3.13.0~beta2+dfsg-1~exp1 \|\| =3.13.0~rc1+dfsg-1~exp1 \|\| =3.13.0~rc2+dfsg-1~exp1 \|\| =3.13.1~rc1+dfsg-1~exp1 \|\| =3.2.2+dfsg-2 \|\| =3.2.2+dfsg-2+deb11u1 \|\| =3.2.2+dfsg-2+deb11u2 \|\| =3.2.2+dfsg-3 \|\| =3.3.0+dfsg-1~exp1 \|\| =3.3.0+dfsg-1~exp2 \|\| =3.3.0~beta1+dfsg-1~exp1 \|\| =3.3.0~rc1+dfsg-1~exp1 \|\| =3.3.1+dfsg-1~exp1 \|\| =3.3.1~rc1+dfsg-1~exp1 \|\| =3.3.2+dfsg-1 \|\| =3.3.2+dfsg-2 \|\| =3.3.2~rc3+dfsg-1~exp1 \|\| =3.3.3+dfsg-1 \|\| =3.3.3+dfsg-2 \|\| =3.3.3~rc1+dfsg-1~exp1 \|\| =3.4.0+dfsg-1 \|\| =3.4.0+dfsg-1~exp1 \|\| =3.4.0~rc1+dfsg-1~exp1 \|\| =3.4.0~rc2+dfsg-1~exp1 \|\| =3.4.0~rc3+dfsg-1~exp1 \|\| =3.4.1+dfsg-1 \|\| =3.4.1~rc1+dfsg-1~exp1 \|\| =3.4.2+dfsg-1 \|\| =3.4.2~rc1+dfsg-1~exp1 \|\| =3.4.2~rc2+dfsg-1~exp1 \|\| =3.4.3+dfsg-1 \|\| =3.4.3~rc1+dfsg-1~exp1 \|\| =3.5.0+dfsg-1 \|\| =3.5.0+dfsg-1~exp1 \|\| =3.5.0~rc1+dfsg-1~exp1 \|\| =3.5.0~rc1+dfsg-1~exp2 \|\| =3.5.0~rc1+dfsg-1~exp3 \|\| =3.5.0~rc2+dfsg-1~exp1 \|\| =3.5.0~rc3+dfsg-1~exp1 \|\| =3.5.0~rc4+dfsg-1~exp1 \|\| =3.5.1+dfsg-1 \|\| =3.5.1~rc1+dfsg-1~exp1 \|\| =3.5.1~rc2+dfsg-1~exp1 \|\| =3.5.2+dfsg-1 \|\| =3.5.2~rc1+dfsg-1~exp1 \|\| =3.5.3+dfsg-1 \|\| =3.5.3~rc1+dfsg-1~exp1 \|\| =3.5.3~rc2+dfsg-1~exp1 \|\| =3.6.0+dfsg-1 \|\| =3.6.0+dfsg-1~exp1 \|\| =3.6.0+dfsg-2 \|\| =3.6.0~rc1+dfsg-1~exp1 \|\| =3.6.0~rc2+dfsg-1~exp1 \|\| =3.6.1+dfsg-1 \|\| =3.6.1~rc1+dfsg-1~exp1 \|\| =3.6.2+dfsg-1 \|\| =3.6.2~rc1+dfsg-1~exp1 \|\| =3.6.3+dfsg-1~exp1 \|\| =3.6.3~rc1+dfsg-1~exp1 \|\| =3.6.4+dfsg-1 \|\| =3.6.4+dfsg-1~exp1 \|\| =3.6.4~rc1+dfsg-1~exp1 \|\| =3.7.0+dfsg-1 \|\| =3.7.0+dfsg-1~exp1 \|\| =3.7.0~rc1+dfsg-1~exp1 \|\| =3.7.1+dfsg-1 \|\| =3.7.1~rc1+dfsg-1~exp1 \|\| =3.7.2+dfsg-1 \|\| =3.7.2~rc1+dfsg-1~exp1 \|\| =3.7.3+dfsg-1 \|\| =3.7.3~rc1+dfsg-1~exp1 \|\| =3.8.0+dfsg-1 \|\| =3.8.0+dfsg-1~exp1 \|\| =3.8.0~beta1+dfsg-1~exp1 \|\| =3.8.0~rc1+dfsg-1~exp1 \|\| =3.8.0~rc1+dfsg-1~exp2 \|\| =3.8.0~rc2+dfsg-1~exp1 \|\| =3.8.1+dfsg-1 \|\| =3.8.1~rc1+dfsg-1~exp1 \|\| =3.8.1~rc2+dfsg-1~exp1 \|\| =3.8.1~rc3+dfsg-1~exp1 \|\| =3.8.2+dfsg-1 \|\| =3.8.2~rc1+dfsg-1~exp1 \|\| =3.8.3+dfsg-1 \|\| =3.8.3+dfsg-1.1~exp1 \|\| =3.8.3+dfsg-2~exp1 \|\| =3.8.3~rc1+dfsg-1~exp1 \|\| =3.8.3~rc2+dfsg-1~exp1 \|\| =3.8.3~rc3+dfsg-1~exp1 \|\| =3.8.4+dfsg-1 \|\| =3.8.4+dfsg-2 \|\| =3.8.4+dfsg-2~exp1 \|\| =3.8.4+dfsg-3 \|\| =3.8.4~rc1+dfsg-1~exp1 \|\| =3.8.5+dfsg-1 \|\| =3.8.5~rc1+dfsg-1~exp1 \|\| =3.9.0+dfsg-1 \|\| =3.9.0+dfsg-1~exp1 \|\| =3.9.0~beta1+dfsg-1~exp1 \|\| =3.9.0~beta2+dfsg-1~exp1 \|\| =3.9.0~rc1+dfsg-1~exp1 \|\| =3.9.0~rc2+dfsg-1~exp1 \|\| =3.9.1+dfsg-1 \|\| =3.9.1~rc1+dfsg-1~exp1 \|\| =3.9.1~rc2+dfsg-1~exp1 \|\| =3.9.2+dfsg-1 \|\| =3.9.2~rc1+dfsg-1~exp1 \|\| =3.9.2~rc2+dfsg-1~exp1 \|\| =3.9.3+dfsg-1 \|\| =3.9.3~rc1+dfsg-1~exp1	-
debian 12	gdal	=3.10.0+dfsg-1 \|\| =3.10.0+dfsg-1~exp1 \|\| =3.10.0~beta1+dfsg-1~exp1 \|\| =3.10.0~rc1+dfsg-1~exp1 \|\| =3.10.0~rc2+dfsg-1~exp1 \|\| =3.10.0~rc3+dfsg-1~exp1 \|\| =3.10.1+dfsg-1 \|\| =3.10.1~rc1+dfsg-1~exp1 \|\| =3.10.1~rc2+dfsg-1~exp1 \|\| =3.10.2+dfsg-1 \|\| =3.10.2~rc1+dfsg-1~exp1 \|\| =3.10.3+dfsg-1 \|\| =3.10.3+dfsg-2 \|\| =3.10.3~rc1+dfsg-1~exp1 \|\| =3.11.0+dfsg-1~exp1 \|\| =3.11.0~beta1+dfsg-1~exp1 \|\| =3.11.0~beta1+dfsg-1~exp2 \|\| =3.11.0~rc1+dfsg-1~exp1 \|\| =3.11.0~rc1+dfsg-1~exp2 \|\| =3.11.0~rc2+dfsg-1~exp1 \|\| =3.11.1+dfsg-1~exp1 \|\| =3.11.1~rc1+dfsg-1~exp1 \|\| =3.11.1~rc2+dfsg-1~exp1 \|\| =3.11.2+dfsg-1~exp1 \|\| =3.11.2~rc1+dfsg-1~exp1 \|\| =3.11.2~rc2+dfsg-1~exp1 \|\| =3.11.3+dfsg-1 \|\| =3.11.3+dfsg-1~exp1 \|\| =3.11.3+dfsg-1~exp2 \|\| =3.11.4+dfsg-1 \|\| =3.11.4~rc1+dfsg-1~exp1 \|\| =3.12.0+dfsg-1 \|\| =3.12.0+dfsg-1~exp1 \|\| =3.12.0~beta1+dfsg-1~exp1 \|\| =3.12.0~rc1+dfsg-1~exp1 \|\| =3.12.1+dfsg-1 \|\| =3.12.1~rc1+dfsg-1~exp1 \|\| =3.12.2+dfsg-1 \|\| =3.12.2~rc1+dfsg-1~exp1 \|\| =3.12.3+dfsg-1 \|\| =3.12.3~rc1+dfsg-1~exp1 \|\| =3.12.3~rc2+dfsg-1~exp1 \|\| =3.13.0+dfsg-1 \|\| =3.13.0+dfsg-1~exp1 \|\| =3.13.0~beta1+dfsg-1~exp1 \|\| =3.13.0~beta2+dfsg-1~exp1 \|\| =3.13.0~rc1+dfsg-1~exp1 \|\| =3.13.0~rc2+dfsg-1~exp1 \|\| =3.13.1~rc1+dfsg-1~exp1 \|\| =3.6.2+dfsg-1 \|\| =3.6.3+dfsg-1~exp1 \|\| =3.6.3~rc1+dfsg-1~exp1 \|\| =3.6.4+dfsg-1 \|\| =3.6.4+dfsg-1~exp1 \|\| =3.6.4~rc1+dfsg-1~exp1 \|\| =3.7.0+dfsg-1 \|\| =3.7.0+dfsg-1~exp1 \|\| =3.7.0~rc1+dfsg-1~exp1 \|\| =3.7.1+dfsg-1 \|\| =3.7.1~rc1+dfsg-1~exp1 \|\| =3.7.2+dfsg-1 \|\| =3.7.2~rc1+dfsg-1~exp1 \|\| =3.7.3+dfsg-1 \|\| =3.7.3~rc1+dfsg-1~exp1 \|\| =3.8.0+dfsg-1 \|\| =3.8.0+dfsg-1~exp1 \|\| =3.8.0~beta1+dfsg-1~exp1 \|\| =3.8.0~rc1+dfsg-1~exp1 \|\| =3.8.0~rc1+dfsg-1~exp2 \|\| =3.8.0~rc2+dfsg-1~exp1 \|\| =3.8.1+dfsg-1 \|\| =3.8.1~rc1+dfsg-1~exp1 \|\| =3.8.1~rc2+dfsg-1~exp1 \|\| =3.8.1~rc3+dfsg-1~exp1 \|\| =3.8.2+dfsg-1 \|\| =3.8.2~rc1+dfsg-1~exp1 \|\| =3.8.3+dfsg-1 \|\| =3.8.3+dfsg-1.1~exp1 \|\| =3.8.3+dfsg-2~exp1 \|\| =3.8.3~rc1+dfsg-1~exp1 \|\| =3.8.3~rc2+dfsg-1~exp1 \|\| =3.8.3~rc3+dfsg-1~exp1 \|\| =3.8.4+dfsg-1 \|\| =3.8.4+dfsg-2 \|\| =3.8.4+dfsg-2~exp1 \|\| =3.8.4+dfsg-3 \|\| =3.8.4~rc1+dfsg-1~exp1 \|\| =3.8.5+dfsg-1 \|\| =3.8.5~rc1+dfsg-1~exp1 \|\| =3.9.0+dfsg-1 \|\| =3.9.0+dfsg-1~exp1 \|\| =3.9.0~beta1+dfsg-1~exp1 \|\| =3.9.0~beta2+dfsg-1~exp1 \|\| =3.9.0~rc1+dfsg-1~exp1 \|\| =3.9.0~rc2+dfsg-1~exp1 \|\| =3.9.1+dfsg-1 \|\| =3.9.1~rc1+dfsg-1~exp1 \|\| =3.9.1~rc2+dfsg-1~exp1 \|\| =3.9.2+dfsg-1 \|\| =3.9.2~rc1+dfsg-1~exp1 \|\| =3.9.2~rc2+dfsg-1~exp1 \|\| =3.9.3+dfsg-1 \|\| =3.9.3~rc1+dfsg-1~exp1	-
debian 13	gdal	=3.10.3+dfsg-1 \|\| =3.10.3+dfsg-2 \|\| =3.11.0+dfsg-1~exp1 \|\| =3.11.0~beta1+dfsg-1~exp1 \|\| =3.11.0~beta1+dfsg-1~exp2 \|\| =3.11.0~rc1+dfsg-1~exp1 \|\| =3.11.0~rc1+dfsg-1~exp2 \|\| =3.11.0~rc2+dfsg-1~exp1 \|\| =3.11.1+dfsg-1~exp1 \|\| =3.11.1~rc1+dfsg-1~exp1 \|\| =3.11.1~rc2+dfsg-1~exp1 \|\| =3.11.2+dfsg-1~exp1 \|\| =3.11.2~rc1+dfsg-1~exp1 \|\| =3.11.2~rc2+dfsg-1~exp1 \|\| =3.11.3+dfsg-1 \|\| =3.11.3+dfsg-1~exp1 \|\| =3.11.3+dfsg-1~exp2 \|\| =3.11.4+dfsg-1 \|\| =3.11.4~rc1+dfsg-1~exp1 \|\| =3.12.0+dfsg-1 \|\| =3.12.0+dfsg-1~exp1 \|\| =3.12.0~beta1+dfsg-1~exp1 \|\| =3.12.0~rc1+dfsg-1~exp1 \|\| =3.12.1+dfsg-1 \|\| =3.12.1~rc1+dfsg-1~exp1 \|\| =3.12.2+dfsg-1 \|\| =3.12.2~rc1+dfsg-1~exp1 \|\| =3.12.3+dfsg-1 \|\| =3.12.3~rc1+dfsg-1~exp1 \|\| =3.12.3~rc2+dfsg-1~exp1 \|\| =3.13.0+dfsg-1 \|\| =3.13.0+dfsg-1~exp1 \|\| =3.13.0~beta1+dfsg-1~exp1 \|\| =3.13.0~beta2+dfsg-1~exp1 \|\| =3.13.0~rc1+dfsg-1~exp1 \|\| =3.13.0~rc2+dfsg-1~exp1 \|\| =3.13.1~rc1+dfsg-1~exp1	-
debian 14	gdal	=3.10.3+dfsg-1 \|\| =3.10.3+dfsg-2 \|\| =3.11.0+dfsg-1~exp1 \|\| =3.11.0~beta1+dfsg-1~exp1 \|\| =3.11.0~beta1+dfsg-1~exp2 \|\| =3.11.0~rc1+dfsg-1~exp1 \|\| =3.11.0~rc1+dfsg-1~exp2 \|\| =3.11.0~rc2+dfsg-1~exp1 \|\| =3.11.1+dfsg-1~exp1 \|\| =3.11.1~rc1+dfsg-1~exp1 \|\| =3.11.1~rc2+dfsg-1~exp1 \|\| =3.11.2+dfsg-1~exp1 \|\| =3.11.2~rc1+dfsg-1~exp1 \|\| =3.11.2~rc2+dfsg-1~exp1 \|\| =3.11.3+dfsg-1 \|\| =3.11.3+dfsg-1~exp1 \|\| =3.11.3+dfsg-1~exp2 \|\| =3.11.4+dfsg-1 \|\| =3.11.4~rc1+dfsg-1~exp1 \|\| =3.12.0+dfsg-1 \|\| =3.12.0+dfsg-1~exp1 \|\| =3.12.0~beta1+dfsg-1~exp1 \|\| =3.12.0~rc1+dfsg-1~exp1 \|\| =3.12.1+dfsg-1 \|\| =3.12.1~rc1+dfsg-1~exp1 \|\| =3.12.2+dfsg-1 \|\| =3.12.2~rc1+dfsg-1~exp1 \|\| =3.12.3+dfsg-1 \|\| =3.12.3~rc1+dfsg-1~exp1 \|\| =3.12.3~rc2+dfsg-1~exp1 \|\| =3.13.0+dfsg-1 \|\| =3.13.0+dfsg-1~exp1 \|\| =3.13.0~beta1+dfsg-1~exp1 \|\| =3.13.0~beta2+dfsg-1~exp1 \|\| =3.13.0~rc1+dfsg-1~exp1 \|\| =3.13.0~rc2+dfsg-1~exp1 \|\| =3.13.1~rc1+dfsg-1~exp1	-
pypi	gdal	=3.1.0 \|\| =3.1.1 \|\| =3.1.2 \|\| =3.1.3 \|\| =3.1.4 \|\| =3.10.0 \|\| =3.10.1 \|\| =3.10.2 \|\| =3.10.3 \|\| =3.11.0 \|\| =3.11.1 \|\| =3.11.2 \|\| =3.11.3 \|\| =3.11.4 \|\| =3.11.5 \|\| =3.12.0.post1 \|\| =3.12.1 \|\| =3.12.2 \|\| =3.12.3 \|\| =3.12.4 \|\| =3.13.0 \|\| =3.2.0 \|\| =3.2.1 \|\| =3.2.2 \|\| =3.2.2.1 \|\| =3.2.3 \|\| =3.3.0 \|\| =3.3.1 \|\| =3.3.2 \|\| =3.3.3 \|\| =3.4.0 \|\| =3.4.1 \|\| =3.4.2 \|\| =3.4.3 \|\| =3.5.0 \|\| =3.5.0.3 \|\| =3.5.1 \|\| =3.5.2 \|\| =3.5.3 \|\| =3.6.0 \|\| =3.6.0.1 \|\| =3.6.1 \|\| =3.6.2 \|\| =3.6.3 \|\| =3.6.4 \|\| =3.7.0 \|\| =3.7.1 \|\| =3.7.1.1 \|\| =3.7.2 \|\| =3.7.3 \|\| =3.8.0 \|\| =3.8.1 \|\| =3.8.2 \|\| =3.8.3 \|\| =3.8.4 \|\| =3.8.5 \|\| =3.9.0 \|\| =3.9.1 \|\| =3.9.2 \|\| =3.9.3 \|\| >=3.1.0 <3.13.1	3.13.1

Aliases

1. CVE-2026-490142. NVD-2026-490143. OSV-DEBIAN-2026-490144. OSV-2026-490145. OSV-PYSEC-2026-1936. GCVE-2026-490147. SECURITY-TRACKER-CVE-2026-49014

References

1. https://github.com/OSGeo/gdal/issues/14594

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.