[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug binutils/23963] objdump unsafely prints control characters from str

From: nickc at redhat dot com
Subject: [Bug binutils/23963] objdump unsafely prints control characters from string table
Date: Fri, 01 Feb 2019 10:34:39 +0000


--- Comment #6 from Nick Clifton <nickc at redhat dot com> ---
(In reply to Ben N from comment #5)

Hi Ben,

> Thanks Nick. As I couldn't find functionality in objdump that warranted the
> printing of control sequences and readelf already mitigate this behaviour, I
> believe this to be a security vulnerability.

> Can you please let me know your thoughts on this. I would like to apply for
> a CVE and to notify pkg maintainers so this patch is backported.

I think that you should apply for a CVE.

I am not familiar with how control sequences might trigger VTE vulberabilities,
but I do see how they could be used to conceal information in objdump's output,
which would obviously be bad.


You are receiving this mail because:
You are on the CC list for the bug.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]