Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 19 Jan 2016 20:48:10 +0800
From: Qixue Xiao <s2exqx@...il.com>
To: oss-security@...ts.openwall.com, cve-assign@...re.org
Subject: Fwd: out of bound write in libdwarf -20151114

we found  an out of bound write in libdwarf -20151114.

we run it with valgrind , the result as follows:

============================================
$ valgrind ./dwarfdump -ka aw.elf
==5358== Memcheck, a memory error detector
==5358== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==5358== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright info
==5358== Command: ../../llvm-codes/dwarf-20151114/dwarfdump/dwarfdump -ka aw.elf
==5358==
==5358== Invalid write of size 8
==5358==    at 0x40DA25: get_abbrev_array_info (in
/home/xqx/test/libdwarf-test/llvm-codes/dwarf-20151114/dwarfdump/dwarfdump)
==5358==    by 0x40FD92: print_one_die_section (in
/home/xqx/test/libdwarf-test/llvm-codes/dwarf-20151114/dwarfdump/dwarfdump)
==5358==    by 0x40ED22: print_infos (in
/home/xqx/test/libdwarf-test/llvm-codes/dwarf-20151114/dwarfdump/dwarfdump)
==5358==    by 0x4050DE: process_one_file (in
/home/xqx/test/libdwarf-test/llvm-codes/dwarf-20151114/dwarfdump/dwarfdump)
==5358==    by 0x403C1B: main (in
/home/xqx/test/libdwarf-test/llvm-codes/dwarf-20151114/dwarfdump/dwarfdump)
==5358==  Address 0x541fc00 is 18,352 bytes inside an unallocated
block of size 4,156,304 in arena "client"
==5358==

please see the attachment for the bug elf.

the vulnerability is found by Qixue Xiao at Tsinghua University.

Download attachment "aw.elf" of type "application/octet-stream" (7875 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.