https://sourceware.org/bugzilla/show_bug.cgi?id=32030
--- Comment #2 from Nicolaas Weideman <nhweideman at gmail dot com> --- I agree that DoS is probably not the main concern here because, as you mentioned, services analyzing untrusted code should have reasonable timeouts to prevent DoS. That being said, "timeout" is clearly an undesirable outcome when attempting to analyze a potentially malicious executable. I believe this performance issue should be considered a vulnerability, because a malicious executable can exploit the undesirable behavior of BFD in order to force a timeout and thereby evade analysis. -- You are receiving this mail because: You are on the CC list for the bug.
