Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Wed, 12 Aug 2015 09:43:24 -0500
From: Tyler Hicks <tyhicks@...onical.com>
To: oss-security@...ts.openwall.com
Cc: security@...ntu.com
Subject: CVE Request: libbfd in binutils (was: strings /libbfd crash)

On 2015-07-31 12:21:31, Tyler Hicks wrote:
> On 2014-11-04 05:21:42, Joshua Rogers wrote:
> > I'd like to expand on this:
> > http://openwall.com/lists/oss-security/2014/10/27/4
> > and mention that 'ihex.c' is also vulnerable to the same thing, as they
> > share the same code.
> > 
> > > :10010000214601360121470136007EFE09D2190140
> > > :100110002146017E17C0001FF5F16002148011928
> > > :10012000194E79234623965778239EDA3F01B2CAA7
> > > :100130003F0156702B5E712B722B732146013421C7
> > > :00000001Ff
> > 
> > is an example of code that will crash it.
> 
> This was never fixed upstream. I've opened a bug and attached a patch:
> 
>   https://sourceware.org/bugzilla/show_bug.cgi?id=18750
> 
> I think this deserves CVE assignment since the srec.c issue was assigned
> CVE-2014-8504 and it is very similar in nature.

Ping on this CVE request since it wasn't clear that I was requesting one
in the last email.

A fix has been committed upstream:

  https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commitdiff;h=7e27a9d5f22f9f7ead11738b1546d0b5c737266b

Thanks!

Tyler

Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.