[Bug ld/31544] Incorrect default subsystem version for POSIX PE binaries

[pali at kernel dot org]

https://sourceware.org/bugzilla/show_bug.cgi?id=31544

--- Comment #1 from Pali Rohár  ---
Note that default version 19.90 is specified also in MS LINK.EXE documentation:
https://learn.microsoft.com/en-us/cpp/build/reference/subsystem-specify-subsystem

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug binutils/32030] Algorithmic complexity vulnerability (CWE-407) in BFD

[nhweideman at gmail dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=32030

--- Comment #2 from Nicolaas Weideman  ---
I agree that DoS is probably not the main concern here because, as you
mentioned, services analyzing untrusted code should have reasonable timeouts to
prevent DoS.

That being said, "timeout" is clearly an undesirable outcome when attempting to
analyze a potentially malicious executable. I believe this performance issue
should be considered a vulnerability, because a malicious executable can
exploit the undesirable behavior of BFD in order to force a timeout and thereby
evade analysis.

-- 
You are receiving this mail because:
You are on the CC list for the bug.