[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    re: [oss-security] two vulns in  uClibc-0.9.33.2
From:       "=?ISO-8859-1?B?ZmVmZQ==?=" <qbenjin () qq ! com>
Date:       2017-06-27 2:09:36
Message-ID: tencent_7F2AC5D33F7F57F6557B54AE () qq ! com
[Download RAW message or body]

[Attachment #2 (text/plain)]

> > I tried to cross-compile attached code and run it in
> > qemu-system-arm.

> > What should be the result?


Use -fsanitize=address , otherwise it do not crash.



> > a segfault for poc2.c. But this also happens with glibc
> > based system.

> > Is the complete app code just plain wrong?
> > Can you provide full application code and the results showing the
> > issue?

I think glibc is also affected,  if some servers, like php server, use glibc or uclibc to \
parser regular expression which is inputed by users, it can case DDOS.



[prev in list] [next in list] [prev in thread] [next in thread]