Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Fri, 31 Jul 2015 12:21:31 -0500
From: Tyler Hicks <tyhicks@...onical.com>
To: oss-security@...ts.openwall.com
Cc: security@...ntu.com
Subject: Re: RE: strings /libbfd crash

On 2014-11-04 05:21:42, Joshua Rogers wrote:
> I'd like to expand on this:
> http://openwall.com/lists/oss-security/2014/10/27/4
> and mention that 'ihex.c' is also vulnerable to the same thing, as they
> share the same code.
> 
> > :10010000214601360121470136007EFE09D2190140
> > :100110002146017E17C0001FF5F16002148011928
> > :10012000194E79234623965778239EDA3F01B2CAA7
> > :100130003F0156702B5E712B722B732146013421C7
> > :00000001Ff
> 
> is an example of code that will crash it.

This was never fixed upstream. I've opened a bug and attached a patch:

  https://sourceware.org/bugzilla/show_bug.cgi?id=18750

I think this deserves CVE assignment since the srec.c issue was assigned
CVE-2014-8504 and it is very similar in nature.

Tyler

Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.