List: oss-security
Subject: Re: [oss-security] RE: strings /libbfd crash
From: Tyler Hicks <tyhicks () canonical ! com>
Date: 2015-07-31 17:21:31
Message-ID: 20150731172130.GA30077 () boyd
On 2014-11-04 05:21:42, Joshua Rogers wrote:
> I'd like to expand on this:
> http://openwall.com/lists/oss-security/2014/10/27/4
> and mention that 'ihex.c' is also vulnerable to the same thing, as they
> share the same code.
>
> > :10010000214601360121470136007EFE09D2190140
> > :100110002146017E17C0001FF5F16002148011928
> > :10012000194E79234623965778239EDA3F01B2CAA7
> > :100130003F0156702B5E712B722B732146013421C7
> > :00000001Ff
>
> is an example of code that will crash it.

This was never fixed upstream. I've opened a bug and attached a patch:

https://sourceware.org/bugzilla/show_bug.cgi?id=18750

I think this deserves CVE assignment since the srec.c issue was assigned
CVE-2014-8504 and it is very similar in nature.

Tyler
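
As an added illustration (not code from binutils or from either poster), a strict structural check for Intel HEX records in C, run over the five records quoted above. The names `ihex_check` and `ihex_status` are hypothetical; the message does not say which record triggers the crash, and this check only reports whether each record is well formed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum ihex_status { IHEX_OK, IHEX_NO_COLON, IHEX_BAD_CHAR, IHEX_BAD_LENGTH, IHEX_BAD_SUM };
/* Value of one hex digit; the caller has already checked isxdigit(). */
static unsigned hexval(unsigned char c)
{
    return isdigit(c) ? (unsigned)(c - '0') : (unsigned)(tolower(c) - 'a') + 10;
}

/* Validate one record (no trailing newline) before any parser sees it. */
enum ihex_status ihex_check(const char *line)
{
    size_t n = strlen(line), i;
    unsigned count, sum = 0;
    if (n == 0 || line[0] != ':')
        return IHEX_NO_COLON;
    /* Cast so bytes >= 0x80 never reach <ctype.h> as negative values. */
    for (i = 1; i < n; i++)
        if (!isxdigit((unsigned char)line[i]))
            return IHEX_BAD_CHAR;
    /* ':' + count(2) + address(4) + type(2) + data(2*count) + checksum(2) */
    if (n < 11)
        return IHEX_BAD_LENGTH;
    count = hexval(line[1]) * 16 + hexval(line[2]);
    if (n != 11 + 2 * (size_t)count)
        return IHEX_BAD_LENGTH;
    /* All bytes, checksum included, must sum to 0 modulo 256. */
    for (i = 1; i < n; i += 2)
        sum += hexval(line[i]) * 16 + hexval(line[i + 1]);
    return (sum & 0xff) == 0 ? IHEX_OK : IHEX_BAD_SUM;
}

/* The five records quoted in the message above. */
static const char *quoted[] = {
    ":10010000214601360121470136007EFE09D2190140",
    ":100110002146017E17C0001FF5F16002148011928",
    ":10012000194E79234623965778239EDA3F01B2CAA7",
    ":100130003F0156702B5E712B722B732146013421C7",
    ":00000001Ff",
};

int main(void)
{
    for (size_t i = 0; i < sizeof quoted / sizeof *quoted; i++)
        printf("record %zu: status %d\n", i + 1, (int)ihex_check(quoted[i]));
    return 0;
}
```

The second quoted record declares 0x10 data bytes but is one hex digit short, so it is reported as `IHEX_BAD_LENGTH`; the other four pass.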