[Bug binutils/29200] New: Infinite loop in nm-new
https://sourceware.org/bugzilla/show_bug.cgi?id=29200

Bug ID: 29200
Summary: Infinite loop in nm-new
Product: binutils
Version: 2.36.1
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: abhishah212 at gmail dot com
Target Milestone: ---

Created attachment 14122
  --> https://sourceware.org/bugzilla/attachment.cgi?id=14122&action=edit
infinite loop artifacts

We found an infinite loop in `nm`. We describe our best effort to understand the vulnerability below. We attach the relevant files as well.

*Location*
https://github.com/bminor/binutils-gdb/blob/binutils-2_36-branch/libiberty/cp-demangle.c#L1548

*Description*
While loop never terminates, as the intermediate conditional statements are not satisfied.

*Fix*
Convert while loop to a bounded for loop statement.

--
You are receiving this mail because:
You are on the CC list for the bug.
[Bug binutils/29201] New: Stack Overflow Infinite Recursion in nm-new
https://sourceware.org/bugzilla/show_bug.cgi?id=29201

Bug ID: 29201
Summary: Stack Overflow Infinite Recursion in nm-new
Product: binutils
Version: 2.36.1
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: abhishah212 at gmail dot com
Target Milestone: ---

Created attachment 14123
  --> https://sourceware.org/bugzilla/attachment.cgi?id=14123&action=edit
poc for stack overflow

We found a stack overflow resulting from an unbounded recursion in `nm-new`. We discuss our understanding of the vulnerability below. We attach the relevant files as well.

*Location*
https://github.com/bminor/binutils-gdb/blob/binutils-2_36-branch/libiberty/rust-demangle.c#L696

*Description*
Recursive call to demangle_path never hits base case.

*Fix*
Attach a recursion depth for recursive function.
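The mitigation proposed in bug 29201 above (a depth counter carried by the recursive function), shown as an added example that is not part of the original report or the binutils source. The grammar, the MAX_DEPTH value and the names parse_path and count_leaves are assumptions made up for illustration; the self-referencing symbol "B0" stands in for an input whose recursion never reaches a base case.

```c
#include <stddef.h>
#include <string.h>

#define MAX_DEPTH 64 /* assumed limit, sized to the stack budget */

struct parser {
    const char *sym;  /* mangled input */
    size_t len, pos;
    unsigned depth;   /* live recursion depth */
    int errored;      /* sticky: once set, all further parsing stops */
};

/* Toy grammar, constructed for this example (not Rust mangling):
 *   path := 'N' path path | 'B' digit | 'I'
 * 'B' re-parses from absolute offset `digit`, so "B0" refers to itself.
 * Returns the number of 'I' leaves; sets p->errored on bad input. */
static int parse_path(struct parser *p)
{
    int leaves = 0;
    char c;

    if (p->errored)
        return 0;
    if (++p->depth > MAX_DEPTH || p->pos >= p->len) {
        p->errored = 1; /* too deep or truncated: stop descending */
        goto out;
    }
    c = p->sym[p->pos++];
    if (c == 'I') {
        leaves = 1;
    } else if (c == 'N') {
        leaves = parse_path(p);
        leaves += parse_path(p);
    } else if (c == 'B' && p->pos < p->len &&
               p->sym[p->pos] >= '0' && p->sym[p->pos] <= '9') {
        size_t resume = p->pos + 1;              /* continue after the digit */
        p->pos = (size_t)(p->sym[p->pos] - '0'); /* jump to the target */
        leaves = parse_path(p);
        p->pos = resume;
    } else {
        p->errored = 1;
    }
out:
    p->depth--;
    return leaves;
}

/* Leaf count, or -1 if the symbol is malformed or nests too deeply. */
int count_leaves(const char *sym)
{
    struct parser p = { sym, strlen(sym), 0, 0, 0 };
    int n = parse_path(&p);
    return (p.errored || p.pos != p.len) ? -1 : n;
}
```

Because the error flag is sticky, hitting the limit unwinds the whole parse at once instead of letting sibling branches retry the same cycle.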
[Bug binutils/29200] Infinite loop in nm-new
https://sourceware.org/bugzilla/show_bug.cgi?id=29200

--- Comment #3 from A ---
Thanks for the info. Do you think notifying users through a CVE is appropriate, given the exploitable nature (e.g., denial of service)?
[Bug binutils/29201] Stack Overflow Infinite Recursion in nm-new
https://sourceware.org/bugzilla/show_bug.cgi?id=29201

--- Comment #2 from A ---
Glad that it was fixed. Given the potential security impact, should we notify users through a CVE? What do you think?