Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list] 
Date: Thu, 23 Dec 2021 15:33:30 +0300
From: Pavel Mayorov <pmayorov@...udlinux.com>
To: oss-security@...ts.openwall.com
Subject: binutils: Stack-overflow in debug_write_type in debug.c

Hello!

It was observed that CVE-2018-12700 in binutils package wasn't completely fixed.
I was able to reproduce that issue by following instructions I had
described in https://sourceware.org/bugzilla/show_bug.cgi?id=28718
I assessed that this issue is only locally exploitable. Its impact is
to resource availability and
observable effects of objdump which I've tested range from fatal
signal reception to livelock (due to optimization of recursions).
The exact effect depends on compiler version and operating system.

Due to the nature of binutils which are normally used by developers
only and don't affect production environments, I've decided to
publicly report that issue.

-- 
Best regards,

Pavel Mayorov
Senior C Developer


CloudLinux.com  |  KernelCare.com  |  Imunify360  | AlmaLinux

helpdesk.cloudlinux.com: 24/7 Free, exceptionally good support
Follow twitter.com/CloudLinuxOS for technical updates

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.