Closed
Description
Work environment
| Questions | Answers |
|---|---|
| OS/arch/bits (mandatory) | Ubuntu x86 64 |
| File format of the file you reverse (mandatory) | ELF |
| Architecture/bits of the file (mandatory) | x86/64 |
| r2 -v full output, not truncated (mandatory) | radare2 3.6.0-git 21923 @ linux-x86-64 git.3.5.1-149-g573f2caa3 commit: 573f2ca build: 2019-06-02__15:06:21 |
Expected behavior
$ ragg2 -a x86 -b 64 hello.r
$ <output asmcode>
Actual behavior
$ ragg2 -a x86 -b 64 hello.r
$ Segmentation fault (core dumped)
Steps to reproduce the behavior
Unzip hello.zip and you will get hello.r
Additional Logs, screenshots, source-code, configuration dump, ...
After checking the source code, the vulnerability is caused by a lack of boundary checking for "egg->lang.elem_n++", resulting in a heap buffer overflow. It could be fixed quickly by adding associated checking.
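As an added illustration of the fix the report proposes (this is neither radare2's code nor the reporter's), here is the shape of a bounded element push in C. The counter name elem_n is taken from the report; the struct layout, capacity, tokenizer and helper names are assumptions made for the sketch.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical sketch, not radare2's own code. A fixed-capacity element
 * table whose counter (elem_n, as named in the report) is bumped on every
 * push; unchecked, "elem[elem_n] = ...; elem_n++" runs past the table. */
#define MAX_ELEMS 8
#define ELEM_LEN  32

typedef struct {
    char elem[MAX_ELEMS][ELEM_LEN]; /* fixed-capacity element table */
    size_t elem_n;                  /* slots in use; must stay <= MAX_ELEMS */
} egg_lang_t;

/* Checked push: refuse the element when the table is full so the write
 * stays inside the array; false lets the caller report an error. */
static bool push_elem(egg_lang_t *lang, const char *s, size_t len) {
    if (lang->elem_n >= MAX_ELEMS) return false; /* the missing check */
    if (len >= ELEM_LEN) len = ELEM_LEN - 1;     /* truncate long tokens */
    memcpy(lang->elem[lang->elem_n], s, len);
    lang->elem[lang->elem_n][len] = '\0';
    lang->elem_n++;
    return true;
}

/* Split a space-separated source string into elements and push each one.
 * Returns the number accepted; stops at the first refusal. */
static size_t parse_elems(egg_lang_t *lang, const char *src) {
    size_t accepted = 0;
    const char *p = src;
    while (*p) {
        while (*p == ' ') p++;      /* skip separators */
        if (!*p) break;
        const char *start = p;
        while (*p && *p != ' ') p++;
        if (!push_elem(lang, start, (size_t)(p - start))) break;
        accepted++;
    }
    return accepted;
}

/* Parse src into a fresh table and return the final elem_n, which the
 * checked push caps at MAX_ELEMS however many elements src contains. */
static size_t elem_n_after(const char *src) {
    egg_lang_t lang;
    memset(&lang, 0, sizeof lang);
    parse_elems(&lang, src);
    return lang.elem_n;
}
```

With the check in place an over-long input (constructed here as twelve one-letter elements) leaves elem_n at MAX_ELEMS instead of writing beyond the table.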