https://sourceware.org/bugzilla/show_bug.cgi?id=31115
Tom de Vries changed:
What|Removed |Added
CC||vries at gcc dot gnu.org
--- Comment #
There is an integer overflow in strings.c, which can lead to heap overflow
leading to RCE on the strings binary.
An attacker needs to have access to the `-n` parameter to trigger this
vulnerability.
PoC: `strings -n 4294967295 /usr/bin/strings`
The bug occurs here, in line 270:
[image: image.png]
https://sourceware.org/bugzilla/show_bug.cgi?id=31115
Sam James changed:
What|Removed |Added
See Also||https://sourceware.org/bugz
https://sourceware.org/bugzilla/show_bug.cgi?id=31115
Sam James changed:
What|Removed |Added
CC||sam at gentoo dot org
On Tue, Mar 05, 2024 at 09:16:51PM +0200, Itay Beladev wrote:
> There is an integer overflow in strings.c, which can lead to heap overflow
> leading to RCE on the strings binary.
This is https://sourceware.org/bugzilla/show_bug.cgi?id=30595 and
https://sourceware.org/bugzilla/show_bug.cgi?id=30598