
List:       oss-security
Subject:    Re: [oss-security] RE: strings /libbfd crash
From:       Tyler Hicks <tyhicks () canonical ! com>
Date:       2015-07-31 17:21:31
Message-ID: 20150731172130.GA30077 () boyd


On 2014-11-04 05:21:42, Joshua Rogers wrote:
> I'd like to expand on this:
> http://openwall.com/lists/oss-security/2014/10/27/4
> and mention that 'ihex.c' is also vulnerable to the same thing, as they
> share the same code.
> 
> > :10010000214601360121470136007EFE09D2190140
> > :100110002146017E17C0001FF5F16002148011928
> > :10012000194E79234623965778239EDA3F01B2CAA7
> > :100130003F0156702B5E712B722B732146013421C7
> > :00000001Ff
> 
> is an example of code that will crash it.

This was never fixed upstream. I've opened a bug and attached a patch:

  https://sourceware.org/bugzilla/show_bug.cgi?id=18750

I think this deserves CVE assignment since the srec.c issue was assigned
CVE-2014-8504 and it is very similar in nature.

Tyler
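
Added example, not part of the original message and not binutils code: a strict Intel HEX record check in C, run over the five records quoted above. It does not reproduce the ihex.c parser or the crash; it only shows that the second quoted record is one hex digit short of the length it declares. The function and status names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

enum ihex_status { IHEX_OK, IHEX_NO_COLON, IHEX_BAD_HEX, IHEX_BAD_LENGTH, IHEX_BAD_CHECKSUM };

static int hexval(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Validate one record ":LLAAAATT<LL data bytes>CC" (names are hypothetical). */
enum ihex_status check_ihex_record(const char *rec)
{
    size_t n = strlen(rec), i, count;
    unsigned sum = 0;
    if (rec[0] != ':')
        return IHEX_NO_COLON;
    for (i = 1; i < n; i++)
        if (hexval(rec[i]) < 0)
            return IHEX_BAD_HEX;
    /* LL, AAAA, TT and CC take 10 digits; LL must then match what is present. */
    if (n < 11)
        return IHEX_BAD_LENGTH;
    count = (size_t)(hexval(rec[1]) * 16 + hexval(rec[2]));
    if (n != 11 + 2 * count)
        return IHEX_BAD_LENGTH;
    /* Every byte, checksum included, must sum to 0 modulo 256. */
    for (i = 1; i < n; i += 2)
        sum += (unsigned)(hexval(rec[i]) * 16 + hexval(rec[i + 1]));
    return (sum & 0xff) == 0 ? IHEX_OK : IHEX_BAD_CHECKSUM;
}

/* The records quoted in the message, with the "> > " prefix removed. */
static const char *const quoted_records[] = {
    ":10010000214601360121470136007EFE09D2190140",
    ":100110002146017E17C0001FF5F16002148011928",
    ":10012000194E79234623965778239EDA3F01B2CAA7",
    ":100130003F0156702B5E712B722B732146013421C7",
    ":00000001Ff",
};

int main(void)
{
    for (int i = 0; i < 5; i++)
        printf("record %d: status %d\n", i, check_ihex_record(quoted_records[i]));
    return 0;
}
```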
