[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Bug binutils/23963] objdump unsafely prints control characters from str
nickc at redhat dot com
[Bug binutils/23963] objdump unsafely prints control characters from string table
Fri, 01 Feb 2019 10:34:39 +0000
--- Comment #6 from Nick Clifton <nickc at redhat dot com> ---
(In reply to Ben N from comment #5)
> Thanks Nick. As I couldn't find functionality in objdump that warranted the
> printing of control sequences and readelf already mitigate this behaviour, I
> believe this to be a security vulnerability.
> Can you please let me know your thoughts on this. I would like to apply for
> a CVE and to notify pkg maintainers so this patch is backported.
I think that you should apply for a CVE.
I am not familiar with how control sequences might trigger VTE vulberabilities,
but I do see how they could be used to conceal information in objdump's output,
which would obviously be bad.
You are receiving this mail because:
You are on the CC list for the bug.