oss-sec mailing list archives
Re: Re: strings / libbfd crasher
From: Jann Horn <jann () thejh net>
Date: Mon, 3 Nov 2014 02:23:17 +0100
On Sun, Nov 02, 2014 at 04:57:23PM -0800, Michal Zalewski wrote:
Call stack exhaustion is generally non-exploitable in itself.
It can be exploitable in multithreaded programs though if there is an unused stack allocation of at least one page further down in the stack.
Attachment:
signature.asc
Description: Digital signature
Current thread:
- Re: strings / libbfd crasher, (continued)
- Re: strings / libbfd crasher Hanno Böck (Oct 24)
- Re: strings / libbfd crasher Michal Zalewski (Oct 24)
- Re: strings / libbfd crasher Tavis Ormandy (Oct 24)
- Re: strings / libbfd crasher mancha (Oct 24)
- Re: Re: strings / libbfd crasher Hanno Böck (Oct 26)
- Re: strings / libbfd crasher cve-assign (Oct 30)
- Re: Re: strings / libbfd crasher Alexander Cherepanov (Nov 02)
- Re: Re: strings / libbfd crasher Hanno Böck (Nov 02)
- Re: Re: strings / libbfd crasher Michal Zalewski (Nov 02)
- Re: Re: strings / libbfd crasher Jann Horn (Nov 02)
- Re: Re: strings / libbfd crasher Alexander Cherepanov (Nov 04)
- Re: Re: strings / libbfd crasher Michal Zalewski (Nov 04)
- Re: Re: strings / libbfd crasher Alexander Cherepanov (Nov 11)
- Re: Re: strings / libbfd crasher Michal Zalewski (Nov 11)
- Re: Re: strings / libbfd crasher Michal Zalewski (Nov 11)
- Re: Re: strings / libbfd crasher Alexander Cherepanov (Nov 15)
- Re: Re: strings / libbfd crasher Michal Zalewski (Nov 15)
- Re: Re: strings / libbfd crasher Alexander Cherepanov (Nov 15)