Date: Fri, 31 Jul 2015 12:21:31 -0500 From: Tyler Hicks <tyhicks@...onical.com> To: oss-security@...ts.openwall.com Cc: security@...ntu.com Subject: Re: RE: strings /libbfd crash On 2014-11-04 05:21:42, Joshua Rogers wrote: > I'd like to expand on this: > http://openwall.com/lists/oss-security/2014/10/27/4 > and mention that 'ihex.c' is also vulnerable to the same thing, as they > share the same code. > > > :10010000214601360121470136007EFE09D2190140 > > :100110002146017E17C0001FF5F16002148011928 > > :10012000194E79234623965778239EDA3F01B2CAA7 > > :100130003F0156702B5E712B722B732146013421C7 > > :00000001Ff > > is an example of code that will crash it. This was never fixed upstream. I've opened a bug and attached a patch: https://sourceware.org/bugzilla/show_bug.cgi?id=18750 I think this deserves CVE assignment since the srec.c issue was assigned CVE-2014-8504 and it is very similar in nature. Tyler Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ