Date: Mon, 3 Nov 2014 02:23:17 +0100 From: Jann Horn <jann@...jh.net> To: oss-security@...ts.openwall.com Subject: Re: Re: strings / libbfd crasher On Sun, Nov 02, 2014 at 04:57:23PM -0800, Michal Zalewski wrote: > Call stack exhaustion is generally non-exploitable > in itself. It can be exploitable in multithreaded programs though if there is an unused stack allocation of at least one page further down in the stack. [ CONTENT OF TYPE application/pgp-signature SKIPPED ]
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ