Date: Fri, 31 Jul 2015 12:21:31 -0500 From: Tyler Hicks <tyhicks@...onical.com> To: oss-security@...ts.openwall.com Cc: security@...ntu.com Subject: Re: RE: strings /libbfd crash On 2014-11-04 05:21:42, Joshua Rogers wrote: > I'd like to expand on this: > http://openwall.com/lists/oss-security/2014/10/27/4 > and mention that 'ihex.c' is also vulnerable to the same thing, as they > share the same code. > > > :10010000214601360121470136007EFE09D2190140 > > :100110002146017E17C0001FF5F16002148011928 > > :10012000194E79234623965778239EDA3F01B2CAA7 > > :100130003F0156702B5E712B722B732146013421C7 > > :00000001Ff > > is an example of code that will crash it. This was never fixed upstream. I've opened a bug and attached a patch: https://sourceware.org/bugzilla/show_bug.cgi?id=18750 I think this deserves CVE assignment since the srec.c issue was assigned CVE-2014-8504 and it is very similar in nature. Tyler Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.