oss-sec mailing list archives
Re: ncurses fixes upstream
From: Solar Designer <solar () openwall com>
Date: Wed, 19 Apr 2023 19:23:59 +0200
On Wed, Apr 19, 2023 at 04:55:06PM +0000, Jonathan Bar Or (JBO) wrote:
Yes, now that the cat is out of the bag there's no point - you can find some POCs here (not every find is covered by a POC, FYI): https://drive.google.com/drive/u/0/folders/1XZiHbH7W7is8cwTu7DKrpwBTYuYfRZqE Note not all of them work on Linux - some are macOS focused too.
I'm attaching the 5 scripts from there to this message for archival, as-is (text/plain) and in tar.gz (to avoid any mangling). There's also Ncurses.pdf, but it's too large for the mailing list because of embedded screenshots. SHA-256's of these all: c3b981fad88f17cc201bfa7f4230a348e30b449238e3d3406852691770876eda cost_oob_read.sh 526cde9fc78cb0712c0b725ecea316913f0302194702ebccdf1a1a146f32dac9 gen_terminfo.py f787189535fa21a8924db2afc2ef6301a931805b43ef8ea13cdefab6aacb83d0 heap_overflow.sh 2049668efcf24f34ce200d6c2b96fefc389cf4092cfd6c99f5da66a3d46b9a5f leak.sh 66b0706b0852a5b9e9644bea98edc0b0b84f5f7fec028fe2bf03964d46002594 type_confusion.sh 47b30bdd9fbf35cc900c3869e2303d0dabea44176fdfdfced97bd4ee329529c9 ncurses-exp.tar.gz a8ba31a02b596f7a9f61f61cc7a98ed9aac2d358f49614d4f480bcfad3fd2a78 Ncurses.pdf Alexander
Attachment:
cost_oob_read.sh
Description:
Attachment:
gen_terminfo.py
Description:
Attachment:
heap_overflow.sh
Description:
Attachment:
leak.sh
Description:
Attachment:
type_confusion.sh
Description:
Attachment:
ncurses-exp.tar.gz
Description:
Current thread:
- ncurses fixes upstream Jonathan Bar Or (JBO) (Apr 12)
- Re: ncurses fixes upstream Sam James (Apr 13)
- Re: ncurses fixes upstream Georgi Guninski (Apr 15)
- Re: ncurses fixes upstream Solar Designer (Apr 15)
- Re: ncurses fixes upstream Georgi Guninski (Apr 15)
- Re: ncurses fixes upstream alice (Apr 13)
- Re: ncurses fixes upstream Mark Esler (Apr 13)
- Re: ncurses fixes upstream Tavis Ormandy (Apr 14)
- Re: ncurses fixes upstream Carlos López (Apr 19)
- RE: [EXTERNAL] Re: [oss-security] ncurses fixes upstream Jonathan Bar Or (JBO) (Apr 19)
- Re: ncurses fixes upstream Solar Designer (Apr 19)
- Re: ncurses fixes upstream Tavis Ormandy (Apr 20)
- Re: ncurses fixes upstream Sevan Janiyan (Apr 21)
- RE: [EXTERNAL] Re: [oss-security] ncurses fixes upstream Jonathan Bar Or (JBO) (Apr 19)
- Re: ncurses fixes upstream Sam James (Apr 13)