Replying to this email means your email address will be shared with the team that works on this product. https://issues.oss-fuzz.com/issues/401056615
Reference Info: 401056615 binutils:fuzz_objdump_safe: Heap-buffer-overflow in _bfd_elf_parse_attributes component: Public Trackers > 1362134 > OSS Fuzz status: New reporter: 87...@developer.gserviceaccount.com cc: am...@gmail.com, bug-binutils@gnu.org, da...@adalogics.com, and 2 more collaborators: co...@oss-fuzz.com type: Vulnerability access level: Limited visibility priority: P2 severity: S2 hotlist: Reproducible, Stability-Memory-AddressSanitizer retention: Component default Project: binutils Reported: Mar 6, 2025 87...@developer.gserviceaccount.com added comment #1: Detailed Report: https://oss-fuzz.com/testcase?key=6601247063080960 Project: binutils Fuzzing Engine: libFuzzer Fuzz Target: fuzz_objdump_safe Job Type: libfuzzer_asan_binutils Platform Id: linux Crash Type: Heap-buffer-overflow READ 3 Crash Address: 0x5020000000b7 Crash State: _bfd_elf_parse_attributes bfd_section_from_shdr bfd_elf64_object_p Sanitizer: address (ASAN) Recommended Security Severity: Medium Regressed: https://oss-fuzz.com/revisions?job=libfuzzer_asan_binutils&range=202503040624:202503060653 Reproducer Testcase: https://oss-fuzz.com/download?testcase_id=6601247063080960 Issue filed automatically. See https://google.github.io/oss-fuzz/advanced-topics/reproducing for instructions to reproduce this bug locally. When you fix this bug, please * mention the fix revision(s). * state whether the bug was a short-lived regression or an old bug in any stable releases. * add any other useful information. This information can help downstream consumers. If you need to contact the OSS-Fuzz team with a question, concern, or any other feedback, please file an issue at https://github.com/google/oss-fuzz/issues. Comments on individual Monorail issues are not monitored. This bug is subject to a 90 day disclosure deadline. If 90 days elapse without an upstream patch, then the bug report will automatically become visible to the public. Generated by Google IssueTracker notification system. You're receiving this email because you are subscribed to updates on Google IssueTracker issue 401056615 Unsubscribe from this issue.
