Category Archives: security

re2c: heap overflow in Scanner::fill (scanner.cc)

Description: re2c is a tool for generating C-based recognizers from regular expressions. There is a heap overflow reproducible with a crafted file.
~ $ re2c -o /tmp/out $FILE
=================================================================
==43995==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x629000004212 at pc 0x00000049937f bp 0x7ffc0521bc00 …

Posted in advisories, security | Leave a comment

Why I stopped fuzzing research

If you followed me in the past, you may have noticed that I stopped fuzzing research. During this time many people have asked me why… so instead of repeating the same answer every time, why not write a few lines about …

Posted in advisories, gentoo, security | 4 Comments

binutils: invalid memory read in find_abstract_instance_name (dwarf2.c)

Description: binutils is a set of tools necessary to build programs. The complete ASan output of the issue:
# nm -A -a -l -S -s --special-syms --synthetic --with-symbol-versions -D $FILE
==23816==ERROR: AddressSanitizer: SEGV on unknown address 0x4700004008d0 (pc 0x0000005427b6 bp …

Posted in advisories, security | 1 Comment

binutils: NULL pointer dereference in concat_filename (dwarf2.c) (INCOMPLETE FIX FOR CVE-2017-15023)

Description: binutils is a set of tools necessary to build programs. The commit fix for this issue says: The PR22200 fuzzer testcase found one way to put NULLs into .debug_line file tables. PR22205 finds another. So mitre considers this an …

Posted in advisories, security | Leave a comment

binutils: heap-based buffer overflow in parse_die (dwarf1.c)

Description: binutils is a set of tools necessary to build programs. The complete ASan output of the issue:
# nm -A -a -l -S -s --special-syms --synthetic --with-symbol-versions -D $FILE
==26890==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6130000006d3 at pc 0x000000472115 bp …

Posted in advisories, security | 1 Comment

binutils: NULL pointer dereference in bfd_hash_hash (hash.c)

Description: binutils is a set of tools necessary to build programs. The stack trace of this issue appears to be a NULL pointer access. However, the upstream maintainer changed the summary of the bug report to “DW_AT_name with out of bounds reference”. …

Posted in advisories, security | 1 Comment

binutils: NULL pointer dereference in concat_filename (dwarf2.c)

Description: binutils is a set of tools necessary to build programs. The complete ASan output of the issue:
# nm -A -a -l -S -s --special-syms --synthetic --with-symbol-versions -D $FILE
==3765==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x0000006a7376 bp …

Posted in advisories, security | Leave a comment

binutils: heap-based buffer overflow in bfd_get_debug_link_info_1 (opncls.c)

Description: binutils is a set of tools necessary to build programs. The complete ASan output of the issue:
# nm -A -a -l -S -s --special-syms --synthetic --with-symbol-versions -D $FILE
==11994==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200000029e at pc 0x7f800af7095d bp …

Posted in advisories, security | Leave a comment

binutils: divide-by-zero in decode_line_info (dwarf2.c)

Description: binutils is a set of tools necessary to build programs. The complete ASan output of the issue:
# nm -A -a -l -S -s --special-syms --synthetic --with-symbol-versions -D $FILE
==11125==ERROR: AddressSanitizer: FPE on unknown address 0x7f5e01fd42e5 (pc 0x7f5e01fd42e5 bp …

Posted in advisories, security | Leave a comment

binutils: infinite loop in find_abstract_instance_name (dwarf2.c)

Description: binutils is a set of tools necessary to build programs. The relevant ASan output of the issue:
# nm -A -a -l -S -s --special-syms --synthetic --with-symbol-versions -D $FILE
==22616==ERROR: AddressSanitizer: stack-overflow on address 0x7ffc2948efe8 (pc 0x0000004248eb bp 0x7ffc2948f8e0 …

Posted in advisories, security | Leave a comment