Date: Mon, 27 Oct 2014 03:50:30 +0300 From: Alexander Cherepanov <cherepan@...me.ru> To: oss-security@...ts.openwall.com Subject: Re: Re: strings / libbfd crasher On 2014-10-27 01:05, cve-assign@...re.org wrote: > There is currently no CVE ID for the > psa-dont-run-strings-on-untrusted-files.html "0xdeadbabe October 25, > 2014 7:20 PM" comment about "another one related with PE file headers > parsing." In general, a separate discovery that's potentially > exploitable for code execution could have its own CVE ID. Does anyone > want a CVE ID for that? I don't know whether it's the same crash or not but I've dug results of my older experiments with zzuf. Attached are two crasher for `objdump -x` -- one pe and one elf. elf also crashes `strings`. Sorry, not researched. -- Alexander Cherepanov Download attachment "objdump-pe-crasher.xz" of type "application/x-xz" (336 bytes) Download attachment "objdump-elf-crasher.xz" of type "application/x-xz" (1552 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ