Date: Wed, 12 Aug 2015 09:43:24 -0500 From: Tyler Hicks <tyhicks@...onical.com> To: oss-security@...ts.openwall.com Cc: security@...ntu.com Subject: CVE Request: libbfd in binutils (was: strings /libbfd crash) On 2015-07-31 12:21:31, Tyler Hicks wrote: > On 2014-11-04 05:21:42, Joshua Rogers wrote: > > I'd like to expand on this: > > http://openwall.com/lists/oss-security/2014/10/27/4 > > and mention that 'ihex.c' is also vulnerable to the same thing, as they > > share the same code. > > > > > :10010000214601360121470136007EFE09D2190140 > > > :100110002146017E17C0001FF5F16002148011928 > > > :10012000194E79234623965778239EDA3F01B2CAA7 > > > :100130003F0156702B5E712B722B732146013421C7 > > > :00000001Ff > > > > is an example of code that will crash it. > > This was never fixed upstream. I've opened a bug and attached a patch: > > https://sourceware.org/bugzilla/show_bug.cgi?id=18750 > > I think this deserves CVE assignment since the srec.c issue was assigned > CVE-2014-8504 and it is very similar in nature. Ping on this CVE request since it wasn't clear that I was requesting one in the last email. A fix has been committed upstream: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commitdiff;h=7e27a9d5f22f9f7ead11738b1546d0b5c737266b Thanks! Tyler Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.