https://gcc.gnu.org/bugzilla/show_bug.cgi?id=120537

Xi Ruoyao <xry111 at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |xry111 at gcc dot gnu.org

--- Comment #2 from Xi Ruoyao <xry111 at gcc dot gnu.org> ---
(In reply to Xudong Cao from comment #0)
> Summary
>
> Hello GCC Security Team,
> I would like to report a heap buffer overflow vulnerability

This is NOT a vulnerability per Binutils security policy:

<quote>
  This stance applies to the creation tools in the GNU Binutils (eg
  as, ld, gold, objcopy) and the libraries that they use.  Bugs in
  inspection tools (eg readelf, nm objdump) will not be considered to
  be security bugs, since they do not create executable output files.

Notes:
======

  None of the programs in the GNU Binutils suite need elevated
  privileges to operate and it is recommended that users do not use
  them from accounts where such privileges are automatically
  available.

  The inspection tools are intended to be robust but nevertheless
  they should be appropriately sandboxed if they are used to examine
  malicious or potentially malicious input files.
</quote>