From: mgcho.minic at gmail dot com
Subject: [Bug binutils/22307] New: Heap out of bounds read in _bfd_elf_parse_gnu_properties()
Date: Tue, 17 Oct 2017 06:49:42 +0000
https://sourceware.org/bugzilla/show_bug.cgi?id=22307
Bug ID: 22307
Summary: Heap out of bounds read in _bfd_elf_parse_gnu_properties()
Product: binutils
Version: 2.30 (HEAD)
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: mgcho.minic at gmail dot com
Target Milestone: ---
Created attachment 10535
--> https://sourceware.org/bugzilla/attachment.cgi?id=10535&action=edit
POC to trigger heap out of bounds read
Triggered by "./objdump -x $POC"
Tested on Ubuntu 16.04 (x86)
The GDB debugging information is as follows:
(gdb) r -x $POC
Program received signal SIGSEGV, Segmentation fault.
bfd_getl32 (p=0x21edd94) at libbfd.c:557
557 v = (unsigned long) addr[0];
(gdb) bt
#0 bfd_getl32 (p=0x21edd94) at libbfd.c:557
#1 0x080e6288 in _bfd_elf_parse_gnu_properties (abfd=<optimized out>,
note=<optimized out>) at elf-properties.c:98
#2 0x080bfbfc in elfobj_grok_gnu_note (abfd=<optimized out>, note=<optimized
out>) at elf.c:9815
#3 elf_parse_notes (abfd=<optimized out>, buf=<optimized out>, size=<optimized
out>, offset=<optimized out>)
at elf.c:11028
#4 0x080bf3f8 in _bfd_elf_make_section_from_shdr (abfd=<optimized out>,
hdr=<optimized out>, name=<optimized out>,
shindex=<optimized out>) at elf.c:1092
#5 0x080c266f in bfd_section_from_shdr (abfd=<optimized out>,
shindex=<optimized out>) at elf.c:2421
#6 0x080bbc65 in bfd_elf32_object_p (abfd=<optimized out>) at ./elfcode.h:805
#7 0x080a6eca in bfd_check_format_matches (abfd=<optimized out>,
format=<optimized out>, matching=<optimized out>)
at format.c:311
#8 0x0804a940 in display_object_bfd (abfd=0x81e9a08) at ./objdump.c:3609
#9 display_any_bfd (file=0x81e9a08, level=<optimized out>) at ./objdump.c:3700
#10 0x0804a4ea in display_file (filename=0xbffff305
"/tmp/objdump/libbfd_getl_crash", target=<optimized out>,
last_file=<optimized out>) at ./objdump.c:3721
#11 main (argc=<optimized out>, argv=<optimized out>) at ./objdump.c:4023
Credits:
This vulnerability was discovered by Mingi Cho and Taekyoung Kwon of the
Information Security Lab, Yonsei University. Please contact
address@hidden and address@hidden if you need more information
about the vulnerability and the lab.
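As an added illustration, not binutils code and not the fix for this bug: a bounds-checked walk over a NT_GNU_PROPERTY_TYPE_0 descriptor, the structure that _bfd_elf_parse_gnu_properties() reads with bfd_getl32() in the backtrace above. It assumes the gABI layout (a u32 pr_type, a u32 pr_datasz, then pr_datasz bytes of data padded to the ELF class alignment); the two sample notes are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Little-endian 32-bit read; the caller guarantees 4 bytes are available. */
static uint32_t getl32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Walk a NT_GNU_PROPERTY_TYPE_0 descriptor of 'size' bytes: each entry is
   pr_type, pr_datasz (u32 each) and pr_datasz bytes of data padded to 'align'
   (4 for ELFCLASS32, 8 for ELFCLASS64).  Returns the number of well-formed
   properties, or -1 if any header or payload would run past the descriptor. */
int parse_gnu_properties(const uint8_t *desc, size_t size, size_t align)
{
    size_t off = 0;
    int count = 0;
    while (off < size) {
        /* Both u32 header fields must be inside the buffer before any read. */
        if (size - off < 8)
            return -1;
        /* pr_type sits at desc + off; a real consumer would dispatch on it. */
        uint32_t pr_datasz = getl32(desc + off + 4);
        off += 8;
        /* The payload itself must lie entirely within the descriptor. */
        if (pr_datasz > size - off)
            return -1;
        /* Advance past the payload rounded up to the alignment; a final
           property that is not padded out is treated as malformed. */
        size_t padded = (pr_datasz + align - 1) & ~(align - 1);
        if (padded > size - off)
            return -1;
        off += padded;
        count++;
    }
    return count;
}

/* Constructed sample: one ELFCLASS32 property with 4 bytes of data. */
static const uint8_t good_note[] = {0x02,0x00,0x00,0xc0, 0x04,0x00,0x00,0x00, 0x01,0x00,0x00,0x00};
/* Constructed sample: same header, but the descriptor ends before the data. */
static const uint8_t truncated_note[] = {0x02,0x00,0x00,0xc0, 0x04,0x00,0x00,0x00};

int main(void)
{
    printf("good: %d\n", parse_gnu_properties(good_note, sizeof good_note, 4));
    printf("truncated: %d\n", parse_gnu_properties(truncated_note, sizeof truncated_note, 4));
    return 0;
}
```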