oss-sec mailing list archives

Re: Re: strings / libbfd crasher


From: Hanno Böck <hanno () hboeck de>
Date: Sun, 26 Oct 2014 23:44:49 +0100

On Sun, 26 Oct 2014 18:05:01 -0400 (EDT),
cve-assign () mitre org wrote:

> There is currently no CVE ID for the
> psa-dont-run-strings-on-untrusted-files.html "0xdeadbabe October 25,
> 2014 7:20 PM" comment about "another one related with PE file headers
> parsing." In general, a separate discovery that's potentially
> exploitable for code execution could have its own CVE ID. Does anyone
> want a CVE ID for that?

The information in the comment is a bit scarce, it seems he hasn't
published his sample (?).
Anyway I checked the radare2-testsuite he was pointing to and found a
crasher in the PE parser, I don't know if this is the same one, but I
reported it upstream:
https://sourceware.org/bugzilla/show_bug.cgi?id=17512

As this is a write to uninitialized memory it seems to me a CVE is
deserved.

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno () hboeck de
GPG: BBB51E42
