Date: Thu, 23 Dec 2021 15:33:30 +0300 From: Pavel Mayorov <pmayorov@...udlinux.com> To: oss-security@...ts.openwall.com Subject: binutils: Stack-overflow in debug_write_type in debug.c Hello! It was observed that CVE-2018-12700 in binutils package wasn't completely fixed. I was able to reproduce that issue by following instructions I had described in https://sourceware.org/bugzilla/show_bug.cgi?id=28718 I assessed that this issue is only locally exploitable. Its impact is to resource availability and observable effects of objdump which I've tested range from fatal signal reception to livelock (due to optimization of recursions). The exact effect depends on compiler version and operating system. Due to the nature of binutils which are normally used by developers only and don't affect production environments, I've decided to publicly report that issue. -- Best regards, Pavel Mayorov Senior C Developer CloudLinux.com | KernelCare.com | Imunify360 | AlmaLinux helpdesk.cloudlinux.com: 24/7 Free, exceptionally good support Follow twitter.com/CloudLinuxOS for technical updates
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.