integer overflow vulnerability in strings

[Itay Beladev]

There is an integer overflow in strings.c, which can lead to heap overflow leading to RCE on the strings binary.

An attacker needs to have access to the `-n` parameter, to trigger this vulnerability.

PoC: `strings -n 4294967295 /usr/bin/strings`

the bug occurs here, in line 270:

And also here:

A CVE has been already assigned, its CVE-2024-27667.