[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Bug binutils/25822] New: Invalid read in process_symbol_table()
|
From: |
nguyenmanhdung1710 at gmail dot com |
|
Subject: |
[Bug binutils/25822] New: Invalid read in process_symbol_table() |
|
Date: |
Wed, 15 Apr 2020 05:20:39 +0000 |
https://sourceware.org/bugzilla/show_bug.cgi?id=25822
Bug ID: 25822
Summary: Invalid read in process_symbol_table()
Product: binutils
Version: 2.35 (HEAD)
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: nguyenmanhdung1710 at gmail dot com
Target Milestone: ---
Created attachment 12457
--> https://sourceware.org/bugzilla/attachment.cgi?id=12457&action=edit
PoC for an invalid read
Hi,
An invalid read was discovered in readelf (the latest commit c98a454) in
process_symbol_table(), that can cause a denial of service, via a crafted file.
To reproduce: readelf -a PoC
ASAN says:
==21088==ERROR: AddressSanitizer: SEGV on unknown address 0x000000006800 (pc
0x000000441f8e bp 0x7ffcee26c560 sp 0x7ffcee26c3f0 T0)
#0 0x441f8d in process_symbol_table ../../binutils/readelf.c:12155
#1 0x4619d2 in process_object ../../binutils/readelf.c:20124
#2 0x463527 in process_file ../../binutils/readelf.c:20602
#3 0x463941 in main ../../binutils/readelf.c:20671
#4 0x7ff3d199a82f in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#5 0x402808 in _start
(/home/dungnguyen/PoCs/readelf_f717994/readelf_c98a454+0x402808)
Thanks,
Manh Dung
--
You are receiving this mail because:
You are on the CC list for the bug.
- [Bug binutils/25822] New: Invalid read in process_symbol_table(),
nguyenmanhdung1710 at gmail dot com <=