|
| From: | dennis.r at columbia dot edu |
| Subject: | [Bug binutils/27294] Potentially exploitable Heap Overwrites in avr_elf32_load_records_from_section() |
| Date: | Tue, 23 Feb 2021 16:53:35 +0000 |
https://sourceware.org/bugzilla/show_bug.cgi?id=27294 --- Comment #3 from Dennis Roellke <dennis.r at columbia dot edu> --- My bad, it's not off-by-one. record_count is a user controlled input field, s.t. a malicious user could set the record_count for x counts to y and force a heap overwrite in https://sourcegraph.com/github.com/bminor/binutils-gdb@a7e3d08a26edefa411269636d7dcae7dd2736659/-/blob/bfd/elf32-avr.c#L4089 -- You are receiving this mail because: You are on the CC list for the bug.
| [Prev in Thread] | Current Thread | [Next in Thread] |