oss-sec mailing list archives
Re: Re: strings / libbfd crasher
From: Alexander Cherepanov <cherepan () mccme ru>
Date: Mon, 27 Oct 2014 03:50:30 +0300
On 2014-10-27 01:05, cve-assign () mitre org wrote:
There is currently no CVE ID for the psa-dont-run-strings-on-untrusted-files.html "0xdeadbabe October 25, 2014 7:20 PM" comment about "another one related with PE file headers parsing." In general, a separate discovery that's potentially exploitable for code execution could have its own CVE ID. Does anyone want a CVE ID for that?
I don't know whether it's the same crash or not but I've dug results of my older experiments with zzuf. Attached are two crasher for `objdump -x` -- one pe and one elf. elf also crashes `strings`. Sorry, not researched.
-- Alexander Cherepanov
Attachment:
objdump-pe-crasher.xz
Description:
Attachment:
objdump-elf-crasher.xz
Description:
Current thread:
- Re: Re: strings / libbfd crasher, (continued)
- Re: Re: strings / libbfd crasher Michal Zalewski (Nov 15)
- Re: Re: strings / libbfd crasher Alexander Cherepanov (Nov 15)
- Re: Re: strings / libbfd crasher mancha (Nov 03)
- Re: Re: strings / libbfd crasher Michal Zalewski (Nov 03)
- Re: Re: strings / libbfd crasher mancha (Nov 03)
- Re: strings / libbfd crasher cve-assign (Nov 04)
- Re: Re: strings / libbfd crasher Alexander Cherepanov (Nov 04)
- Re: Re: strings / libbfd crasher mancha (Nov 05)
- Re: Re: strings / libbfd crasher Alexander Cherepanov (Nov 04)
- Re: strings / libbfd crasher cve-assign (Nov 12)
- Re: Re: strings / libbfd crasher Michal Zalewski (Oct 26)
- Re: Re: strings / libbfd crasher Michal Zalewski (Oct 27)
- Re: Re: strings / libbfd crasher Jakub Wilk (Oct 27)