Date: Fri, 31 Jul 2015 12:21:31 -0500
From: Tyler Hicks <>
Subject: Re: RE: strings /libbfd crash

On 2014-11-04 05:21:42, Joshua Rogers wrote:
> I'd like to expand on this:
> and mention that 'ihex.c' is also vulnerable to the same thing, as they
> share the same code.
> > :10010000214601360121470136007EFE09D2190140
> > :100110002146017E17C0001FF5F16002148011928
> > :10012000194E79234623965778239EDA3F01B2CAA7
> > :100130003F0156702B5E712B722B732146013421C7
> > :00000001Ff
> is an example of code that will crash it.

This was never fixed upstream. I've opened a bug and attached a patch:

I think this deserves CVE assignment since the srec.c issue was assigned
CVE-2014-8504 and it is very similar in nature.

