oss-sec mailing list archives
CVE Request: libbfd in binutils (was: strings /libbfd crash)
From: Tyler Hicks <tyhicks () canonical com>
Date: Wed, 12 Aug 2015 09:43:24 -0500
On 2015-07-31 12:21:31, Tyler Hicks wrote:
On 2014-11-04 05:21:42, Joshua Rogers wrote:I'd like to expand on this: http://openwall.com/lists/oss-security/2014/10/27/4 and mention that 'ihex.c' is also vulnerable to the same thing, as they share the same code.:10010000214601360121470136007EFE09D2190140 :100110002146017E17C0001FF5F16002148011928 :10012000194E79234623965778239EDA3F01B2CAA7 :100130003F0156702B5E712B722B732146013421C7 :00000001Ffis an example of code that will crash it.This was never fixed upstream. I've opened a bug and attached a patch: https://sourceware.org/bugzilla/show_bug.cgi?id=18750 I think this deserves CVE assignment since the srec.c issue was assigned CVE-2014-8504 and it is very similar in nature.
Ping on this CVE request since it wasn't clear that I was requesting one in the last email. A fix has been committed upstream: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commitdiff;h=7e27a9d5f22f9f7ead11738b1546d0b5c737266b Thanks! Tyler
Attachment:
signature.asc
Description: Digital signature
Current thread:
- Re: RE: strings /libbfd crash Tyler Hicks (Jul 31)
- CVE Request: libbfd in binutils (was: strings /libbfd crash) Tyler Hicks (Aug 12)