Impact
Converting a GDB register profile file into a Rizin register profile can result in a stack-based buffer overflow when the name, type or groups fields hold longer values than the fixed-size buffers expect. Users opening untrusted GDB register files (e.g. with the drpg or arpg commands) are affected by this flaw.
Patches
#3422
d619670
Workarounds
Review the GDB register profiles before loading them with drpg/arpg commands.
References
rizin/librz/reg/profile.c, line 514 in 3a7d511:
    char name[16], groups[128], type[16];
rizin/librz/reg/profile.c, line 545 in 3a7d511:
    ret = sscanf(ptr, " %s %d %d %d %d %s %s", name, &number, &rel,
- #3422
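The parser below is an added example written for this advisory, not Rizin's own code and not the fix shipped in #3422. It reads one register line of the same shape as the sscanf format quoted above (name, four integers, type, groups) into buffers of the same sizes as the quoted declaration, but bounds every copy, so an over-long field makes the line fail to parse instead of overflowing the stack. The advisory only names the first two integer fields (number and rel); the names size and offset for the remaining two are assumptions, as are the sample lines, which are constructed here.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Buffer sizes match the fixed stack arrays quoted in the advisory. */
#define NAME_SZ   16
#define TYPE_SZ   16
#define GROUPS_SZ 128

struct gdb_reg {
    char name[NAME_SZ];
    int number;   /* named in the advisory's sscanf call */
    int rel;      /* named in the advisory's sscanf call */
    int size;     /* assumed meaning of the third %d */
    int offset;   /* assumed meaning of the fourth %d */
    char type[TYPE_SZ];
    char groups[GROUPS_SZ];
};

/* Copies the next whitespace-delimited token starting at *p into dst.
 * Returns 0 when there is no token or it would not fit in cap bytes
 * (terminator included); on success advances *p past the token. */
static int next_token(const char **p, char *dst, size_t cap)
{
    const char *s = *p + strspn(*p, " \t");
    size_t len = strcspn(s, " \t\r\n");
    if (len == 0 || len >= cap)
        return 0;
    memcpy(dst, s, len);
    dst[len] = '\0';
    *p = s + len;
    return 1;
}

/* Parses the next token as a base-10 int, rejecting junk and overflow. */
static int next_int(const char **p, int *out)
{
    char buf[16];
    char *end;
    long v;
    if (!next_token(p, buf, sizeof buf))
        return 0;
    errno = 0;
    v = strtol(buf, &end, 10);
    if (end == buf || *end != '\0' || errno != 0 || v < INT_MIN || v > INT_MAX)
        return 0;
    *out = (int)v;
    return 1;
}

/* Bounded replacement for
 *     sscanf(ptr, " %s %d %d %d %d %s %s", name, &number, &rel, ...)
 * Returns 1 and fills *out on a well-formed line, 0 otherwise; no field
 * is ever written beyond its array. */
int parse_gdb_reg_line(const char *line, struct gdb_reg *out)
{
    const char *p = line;
    memset(out, 0, sizeof *out);
    if (!next_token(&p, out->name, sizeof out->name))     return 0;
    if (!next_int(&p, &out->number))                      return 0;
    if (!next_int(&p, &out->rel))                         return 0;
    if (!next_int(&p, &out->size))                        return 0;
    if (!next_int(&p, &out->offset))                      return 0;
    if (!next_token(&p, out->type, sizeof out->type))     return 0;
    if (!next_token(&p, out->groups, sizeof out->groups)) return 0;
    return 1;
}

int main(void)
{
    /* Constructed sample lines: one well-formed, one with a 40-byte name. */
    const char *ok  = "rax 0 0 8 0 int64 general";
    const char *bad = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 0 0 8 0 int64 general";
    struct gdb_reg r;
    printf("well-formed line accepted: %d\n", parse_gdb_reg_line(ok, &r));
    printf("over-long name rejected:   %d\n", !parse_gdb_reg_line(bad, &r));
    return 0;
}
```

The smallest in-place change to the quoted sscanf call is to give each %s a field width one less than its buffer (" %15s %d %d %d %d %15s %127s"); that stops the out-of-bounds write, but an over-long token is then silently split and its tail consumed by the next conversion, so the line mis-parses rather than being rejected. The explicit tokenizer above is the better choice when a profile with oversized fields should be refused outright.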