Date: Thu, 9 Mar 2023 13:34:58 +0000 From: Qualys Security Advisory <qsa@...lys.com> To: Georgi Guninski <gguninski@...il.com> CC: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com> Subject: Re: Re: double-free vulnerability in OpenSSH server 9.1 (CVE-2023-25136) Hi Georgi, On Mon, Mar 06, 2023 at 09:53:06AM +0200, Georgi Guninski wrote: > So besides the double free bug you managed to circumvent > the mitigation in both linux and openbsd, right? > Did you find weakness in the mitigation or did you find > fundamental way to exploit double free? We have not been able to do anything useful on Linux (glibc) yet. On OpenBSD, what we did works only because this double free is of the form "free(ptr); many other malloc() and free() calls; free(ptr);". If it were of the form "free(ptr); no other malloc() or free() call; free(ptr);" then this double free would be caught immediately by malloc's security checks. Hopefully this helps! With best regards, -- the Qualys Security Advisory team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.