[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Bug binutils/27290] New: Out-of-memory (OOM) Denial of Service via unpr
From: |
dennis.r at columbia dot edu |
Subject: |
[Bug binutils/27290] New: Out-of-memory (OOM) Denial of Service via unprotected memory allocation in elf32_avr_get_note_section_contents() |
Date: |
Sun, 31 Jan 2021 03:40:52 +0000 |
https://sourceware.org/bugzilla/show_bug.cgi?id=27290
Bug ID: 27290
Summary: Out-of-memory (OOM) Denial of Service via unprotected
memory allocation in
elf32_avr_get_note_section_contents()
Product: binutils
Version: 2.36
Status: UNCONFIRMED
Severity: critical
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: dennis.r at columbia dot edu
Target Milestone: ---
= Location =
https://sourcegraph.com/github.com/bminor/binutils-gdb@a7e3d08a26edefa411269636d7dcae7dd2736659/-/blob/binutils/od-elf32_avr.c#L89
= Description =
Large ".note.gnu.avr.deviceinfo" can be used to set large malloc parameter
*size = bfd_section_size (section); // ptr to ".note.gnu.avr.deviceinfo"
section
char *contents = (char *) xmalloc (*size);
Setting ".note.gnu.avr.deviceinfo" section size to 0 may also cause the
following line to segmentation fault bfd_get_section_contents (abfd, section,
contents, 0, *size);
= Fix =
Check the size of *size before using it.
--
You are receiving this mail because:
You are on the CC list for the bug.
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Bug binutils/27290] New: Out-of-memory (OOM) Denial of Service via unprotected memory allocation in elf32_avr_get_note_section_contents(),
dennis.r at columbia dot edu <=