Date: Sun, 26 Oct 2014 23:44:49 +0100
From: Hanno Böck <hanno@...eck.de>
To: oss-security@...ts.openwall.com
Subject: Re: Re: strings / libbfd crasher

On Sun, 26 Oct 2014 18:05:01 -0400 (EDT),
cve-assign@...re.org wrote:

> There is currently no CVE ID for the
> psa-dont-run-strings-on-untrusted-files.html "0xdeadbabe October 25,
> 2014 7:20 PM" comment about "another one related with PE file headers
> parsing." In general, a separate discovery that's potentially
> exploitable for code execution could have its own CVE ID. Does anyone
> want a CVE ID for that?

The information in the comment is a bit scarce; it seems he hasn't
published his sample (?).
Anyway, I checked the radare2-testsuite he was pointing to and found a
crasher in the PE parser. I don't know if this is the same one, but I
reported it upstream:
https://sourceware.org/bugzilla/show_bug.cgi?id=17512

As this is a write to uninitialized memory it seems to me a CVE is
deserved.

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno@...eck.de
GPG: BBB51E42
