I am Dongdong She, a PhD student from Columbia University. We are doing some fuzzing tests on Binutils-2.30 and find a heap overflow bug in nm-new 32 bit version. We also filed a interger-overflow bug in binutils-2.30 recently at
https://sourceware.org/bugzilla/show_bug.cgi?id=23932. Can we get the corresponding CVE number for the two bugs reported?
Heap overflow in nm-new(32 bit version)
Description:
Configure name:
host='x86_64-pc-linux-gnu' target='x86_64-pc-linux-gnu', CFLAGS="-g -O2 -m32 -fsanitize=address", we also attached the config.status below.
Options:
nm-new -C ./crash_input
Input:
file crash_input (attached below)
Thank you