
[Bug binutils/23963] objdump unsafely prints control characters from str


From: nickc at redhat dot com
Subject: [Bug binutils/23963] objdump unsafely prints control characters from string table
Date: Fri, 01 Feb 2019 10:34:39 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=23963

--- Comment #6 from Nick Clifton <nickc at redhat dot com> ---
(In reply to Ben N from comment #5)

Hi Ben,

> Thanks Nick. As I couldn't find functionality in objdump that warranted the
> printing of control sequences and readelf already mitigates this behaviour, I
> believe this to be a security vulnerability.

> Can you please let me know your thoughts on this. I would like to apply for
> a CVE and to notify pkg maintainers so this patch is backported.

I think that you should apply for a CVE.

I am not familiar with how control sequences might trigger VTE vulnerabilities,
but I do see how they could be used to conceal information in objdump's output,
which would obviously be bad.

Cheers
  Nick
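
Added example, not part of the original message and not the binutils patch: one way a tool can render string-table names so that embedded control bytes show up as visible text instead of being interpreted by the terminal. The function name `sanitize_name`, the sample bytes and the choice to escape every byte >= 0x80 (which also escapes UTF-8 names) are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: a symbol name as it might sit in a string table,
   carrying ESC [ 2 K (erase line) and CR before the text "main". */
static const unsigned char SAMPLE[] = "hidden_sym\x1b[2K\rmain";

/* Copy name[0..len) into out (capacity cap) in display-safe form.
   C0 controls and DEL become caret notation (ESC -> ^[, DEL -> ^?);
   bytes >= 0x80 become \xNN so 8-bit C1 controls such as CSI (0x9b)
   never reach the terminal. Returns the number of bytes escaped,
   or -1 if out is too small. */
int sanitize_name(const unsigned char *name, size_t len, char *out, size_t cap)
{
    size_t o = 0;
    int escaped = 0;

    if (cap == 0)
        return -1;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = name[i];
        if (c < 0x20 || c == 0x7f) {
            if (o + 3 > cap) return -1;      /* 2 chars + NUL */
            out[o++] = '^';
            out[o++] = (char)(c ^ 0x40);
            escaped++;
        } else if (c >= 0x80) {
            if (o + 5 > cap) return -1;      /* 4 chars + NUL */
            o += (size_t)snprintf(out + o, cap - o, "\\x%02x", c);
            escaped++;
        } else {
            if (o + 2 > cap) return -1;      /* 1 char + NUL */
            out[o++] = (char)c;
        }
    }
    out[o] = '\0';
    return escaped;
}

int main(void)
{
    char safe[128];
    int n = sanitize_name(SAMPLE, strlen((const char *)SAMPLE), safe, sizeof safe);
    printf("%s  (%d control bytes escaped)\n", safe, n);
    return 0;
}
```

A non-zero return value is also a cheap signal that a binary's string table deserves a closer look before its dump is trusted.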
