On 10/30/18 9:19 PM, Eduardo Bustamante wrote:
> On Tue, Oct 30, 2018 at 1:03 PM Corbin Souffrant
> wrote:
> (...)
>> I found a reproducible use-after-free in every version of Bash from
>> 4.4-5.0beta, that could potentially be used to escape restricted mode. I
>> say potentially, because I can ge
I emailed with Chet today and got approval to post the writeup here. He
has already applied the patch. Thanks again for the fast response!
-Corbin
Use After Free Writeup:
In bash <3.2 using ^C while in a large brace expansion would slowly eat
memory with no way to ^C, so in bash 3.2 (2006-10-

On Tue, Oct 30, 2018 at 1:03 PM Corbin Souffrant
wrote:
(...)
> I found a reproducible use-after-free in every version of Bash from
> 4.4-5.0beta, that could potentially be used to escape restricted mode. I
> say potentially, because I can get it to crash in restricted mode, but I
> haven't gone t

Hello,
I found a reproducible use-after-free in every version of Bash from
4.4-5.0beta, that could potentially be used to escape restricted mode. I
say potentially, because I can get it to crash in restricted mode, but I
haven't gone through the effort of attempting to heap spray to overwrite
func