[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Code Execution in Mathematical Context
|
From: |
Nils Emmerich |
|
Subject: |
Code Execution in Mathematical Context |
|
Date: |
Tue, 4 Jun 2019 13:42:40 +0200 |
|
User-agent: |
Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.7.0 |
Configuration Information [Automatically generated, do not change]:
Machine: x86_64
OS: linux-gnu
Compiler: gcc
Compilation CFLAGS: -g -O2 -Wno-parentheses -Wno-format-security
uname output: Linux VirtualBox 4.18.0-20-generic #21~18.04.1-Ubuntu SMP $
Machine Type: x86_64-pc-linux-gnu
Bash Version: 5.0
Patch Level: 0
Release Status: release
Description:
It is possible to get code execution via a user supplied
variable in the mathematical context.
I don't know if this is considered a bug or not, but if not, I
think people should be made aware that the mathematical context is unsafe.
Repeat-By:
If this is considered a bug I would like to get in contact with
someone in charge.
--
Nils Emmerich
ERNW Research GmbH
Carl-Bosch-Str. 4
69115 Heidelberg
www.ernw.de
Tel. +49 6221 480390 (Sekretariat)
Handelsregister Mannheim HRB 723285
Geschäftsführer: Dr.-Ing. Andreas Dewald
Blog: www.insinuator.net
Conference: www.troopers.de
Re: Code Execution in Mathematical Context, Chet Ramey, 2019/06/04