readelf in ToaruOS 2.0.1 has a global overflow allowing RCE when parsing a crafted ELF file. Through elaborately constructed ELF files, remote code execution can be realized.

PoC

```
./readelf -d poc_elf_overflow
Dynamic section at offset 0x2df8 contains (up to) 30 entries:
  Tag        Type                         Name/Value
zsh: segmentation fault  ./readelf -d poc_elf_overflow
```
Hi,
PoC
poc_elf_overflow.zip
Patch
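The crash above happens while readelf -d walks the .dynamic section, and the usual way a crafted ELF drives a fixed-size parser out of bounds is a section header whose offset or size does not match the bytes actually in the file. The following is an added example, not ToaruOS's readelf or the reporter's patch: a bounds-checked walk of an ELF64 .dynamic section from an in-memory image, with every file-supplied offset and size validated against the file length before use. The struct and function names (Ehdr64, count_dynamic_entries, parse_constructed_image) are assumptions, and the test image is constructed inline.

```c
#include <stdint.h>
#include <string.h>
#define SHT_DYNAMIC 6
#define DT_NULL     0
/* Minimal ELF64 on-disk layouts; same field order and sizes as <elf.h>, so no padding. */
typedef struct { uint8_t e_ident[16]; uint16_t e_type, e_machine; uint32_t e_version;
    uint64_t e_entry, e_phoff, e_shoff; uint32_t e_flags; uint16_t e_ehsize, e_phentsize,
    e_phnum, e_shentsize, e_shnum, e_shstrndx; } Ehdr64;                     /* 64 bytes */
typedef struct { uint32_t sh_name, sh_type; uint64_t sh_flags, sh_addr, sh_offset, sh_size;
    uint32_t sh_link, sh_info; uint64_t sh_addralign, sh_entsize; } Shdr64;  /* 64 bytes */
typedef struct { int64_t d_tag; uint64_t d_val; } Dyn64;                     /* 16 bytes */
/* 1 if [off, off+size) lies inside a file of len bytes, computed without wraparound. */
static int in_file(uint64_t off, uint64_t size, size_t len) { return off <= len && size <= len - off; }
/* Count .dynamic entries up to DT_NULL. Every offset/size read from the file is checked
 * against the file length before it is dereferenced; any inconsistency returns -1. */
int count_dynamic_entries(const uint8_t *buf, size_t len) {
    Ehdr64 eh; Shdr64 sh;
    if (len < sizeof eh || memcmp(buf, "\x7f" "ELF", 4) != 0) return -1;
    memcpy(&eh, buf, sizeof eh);
    if (eh.e_shentsize != sizeof sh || !in_file(eh.e_shoff, (uint64_t)eh.e_shnum * sizeof sh, len)) return -1;
    for (uint16_t i = 0; i < eh.e_shnum; i++) {
        memcpy(&sh, buf + eh.e_shoff + (size_t)i * sizeof sh, sizeof sh);
        if (sh.sh_type != SHT_DYNAMIC) continue;
        if (sh.sh_entsize != sizeof(Dyn64) || !in_file(sh.sh_offset, sh.sh_size, len)) return -1;
        uint64_t cap = sh.sh_size / sizeof(Dyn64);            /* "contains (up to) N entries" */
        for (uint64_t n = 0; n < cap; n++) {
            Dyn64 d; memcpy(&d, buf + sh.sh_offset + n * sizeof d, sizeof d);
            if (d.d_tag == DT_NULL) return (int)n;
        }
        return (int)cap;                                      /* no terminator: stop at the cap */
    }
    return 0;                                                 /* no .dynamic section */
}
/* Constructed image: ELF header, one SHT_DYNAMIC section header, n entries, DT_NULL, then
 * parsed. claimed_size is what the header advertises and may disagree with the real bytes. */
int parse_constructed_image(int n, uint64_t claimed_size) {
    uint8_t img[512]; Ehdr64 eh = {0}; Shdr64 sh = {0};
    memcpy(eh.e_ident, "\x7f" "ELF", 4);
    eh.e_shoff = sizeof eh; eh.e_shentsize = sizeof sh; eh.e_shnum = 1;
    sh.sh_type = SHT_DYNAMIC; sh.sh_offset = sizeof eh + sizeof sh;
    sh.sh_size = claimed_size; sh.sh_entsize = sizeof(Dyn64);
    memcpy(img, &eh, sizeof eh); memcpy(img + sizeof eh, &sh, sizeof sh);
    size_t len = sizeof eh + sizeof sh;
    for (int i = 0; i <= n && len + sizeof(Dyn64) <= sizeof img; i++) {   /* tags 1..n, DT_NULL */
        Dyn64 d = { i < n ? i + 1 : DT_NULL, 0 };
        memcpy(img + len, &d, sizeof d); len += sizeof d;
    }
    return count_dynamic_entries(img, len);
}
```

A header that advertises a one-megabyte table in a 224-byte file is rejected before a single entry is read, and a header that under-reports the table simply caps the walk at the advertised size.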