New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SIGSEGV packing corrupted Mach-O file canPack #146
Comments
|
devel branch now complains segfault-macho: CantPackException: bad Mach_command[0]{0x19, 0x800048} |
|
This issue has been assigned CVE-2017-16869 |
|
This particular issue is equivalent to a compiler throwing a SIGSEGV instead of generating a polite error message upon detecting a syntax error in random input that was not previously touched by the compiler. Assigning a CVE to this issue is incorrect; there is NO SECURITY IMPLICATION WHATSOEVER. There is NO DENIAL-OF-SERVICE opportunity that is exacerbated by UPX. UPX Team REJECTS assigning any CVE for this particular issue #146 . |
|
Hello!
On Fri, Nov 17, 2017 at 11:11:27PM +0000, John Reiser wrote:
This particular issue is equivalent to a compiler throwing a SIGSEGV instead of generating a polite error message upon detecting a syntax error in random input that was not previously touched by the compiler. Assigning a CVE to this issue is incorrect; there is <b>NO SECURITY IMPLICATION WHATSOEVER</b>. There is <b>NO DENIAL-OF-SERVICE</b> opportunity that is exacerbated by UPX. UPX Team <b>REJECTS</b> assigning any CVE for this particular issue #146 .
Please note that I'm only the messenger here, while investigating new
CVE assignments this one popped up. So I'm uncertain who requested the
CVE, but I will ask MITRE to REJECT the CVE pointing to your
explanation.
|
What's the problem (or question)?
SIGSEGV in upx when packing the segfault-macho input file in the attached
segfault-macho.tar.gz.
PackMachBase<N_Mach::MachClass_64<N_BELE_CTP::LEPolicy> >::canPack (this=0x9b7030) at p_mach.cpp:1857
1857 if (lc_seg == segptr->cmd) {
Accessing illegal memory in register rdx.
What should have happened?
Program received signal SIGSEGV, Segmentation fault.
Do you have an idea for a solution?
How can we reproduce the issue?
1.upx segfault-macho
2.
3.
4.
Please tell us details about your environment.
upx --version):upx 3.95-git-7a0514d9b427+
UCL data compression library 1.03
zlib data compression library 1.2.8
LZMA SDK version 4.43
The text was updated successfully, but these errors were encountered: