oss-sec mailing list archives

Re: RE: strings /libbfd crash

From: Tyler Hicks <tyhicks () canonical com>
Date: Fri, 31 Jul 2015 12:21:31 -0500

On 2014-11-04 05:21:42, Joshua Rogers wrote:

I'd like to expand on this:
http://openwall.com/lists/oss-security/2014/10/27/4
and mention that 'ihex.c' is also vulnerable to the same thing, as they
share the same code.

:10010000214601360121470136007EFE09D2190140
:100110002146017E17C0001FF5F16002148011928
:10012000194E79234623965778239EDA3F01B2CAA7
:100130003F0156702B5E712B722B732146013421C7
:00000001Ff


is an example of code that will crash it.


This was never fixed upstream. I've opened a bug and attached a patch:

  https://sourceware.org/bugzilla/show_bug.cgi?id=18750

I think this deserves CVE assignment since the srec.c issue was assigned
CVE-2014-8504 and it is very similar in nature.

Tyler

Attachment: signature.asc
Description: Digital signature

Current thread:

Re: RE: strings /libbfd crash Tyler Hicks (Jul 31)
- CVE Request: libbfd in binutils (was: strings /libbfd crash) Tyler Hicks (Aug 12)