[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: re: [oss-security] two vulns in uClibc-0.9.33.2
From: "=?ISO-8859-1?B?ZmVmZQ==?=" <qbenjin () qq ! com>
Date: 2017-06-27 2:09:36
Message-ID: tencent_7F2AC5D33F7F57F6557B54AE () qq ! com
[Download RAW message or body]
[Attachment #2 (text/plain)]
> > I tried to cross-compile attached code and run it in
> > qemu-system-arm.
> > What should be the result?
Use -fsanitize=address , otherwise it do not crash.
> > a segfault for poc2.c. But this also happens with glibc
> > based system.
> > Is the complete app code just plain wrong?
> > Can you provide full application code and the results showing the
> > issue?
I think glibc is also affected, if some servers, like php server, use glibc or uclibc to \
parser regular expression which is inputed by users, it can case DDOS.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic