Re: integer overflow vulnerability in strings

2024-03-06 Thread Alan Modra
On Tue, Mar 05, 2024 at 09:16:51PM +0200, Itay Beladev wrote:
> There is an integer overflow in strings.c, which can lead to heap overflow
> leading to RCE on the strings binary.

This is https://sourceware.org/bugzilla/show_bug.cgi?id=30595 and https://sourceware.org/bugzilla/show_bug.cgi?id=30598

integer overflow vulnerability in strings

2024-03-06 Thread Itay Beladev
There is an integer overflow in strings.c, which can lead to heap overflow leading to RCE on the strings binary. An attacker needs to have access to the `-n` parameter to trigger this vulnerability.

PoC: `strings -n 4294967295 /usr/bin/strings`

The bug occurs here, in line 270: [image: image.png
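
Added example, not part of the original messages and not code from binutils: the PoC value 4294967295 is the largest 32-bit unsigned integer, so adding 1 to it in 32-bit arithmetic yields 0. The sketch below shows that wrap next to a checked parser for such a length option; the function names and the 1 MiB cap are assumptions, and it does not reproduce the strings.c code at line 270.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper, not taken from strings.c: the size a naive caller
   computes for "minimum length plus terminator" when the length is held
   in a 32-bit unsigned value. */
static uint32_t naive_alloc_size(uint32_t min_len)
{
    return min_len + 1u;            /* wraps to 0 when min_len == UINT32_MAX */
}

/* Hypothetical hardened parser for a minimum-length option value.
   Returns 0 and stores the buffer size in *alloc_size on success,
   -1 if the text is not a positive decimal number or exceeds max_len. */
static int parse_min_len(const char *text, size_t max_len, size_t *alloc_size)
{
    char *end;
    unsigned long long v;

    if (text == NULL || *text < '0' || *text > '9')
        return -1;                  /* rejects "", "-1", "+5", " 7" */
    errno = 0;
    v = strtoull(text, &end, 10);
    if (errno == ERANGE || *end != '\0')
        return -1;                  /* out of range or trailing junk */
    if (v == 0 || v > max_len || max_len > SIZE_MAX - 1)
        return -1;                  /* policy cap; also guarantees v + 1 fits */
    *alloc_size = (size_t)v + 1;    /* cannot wrap after the checks above */
    return 0;
}

int main(void)
{
    size_t size = 0;
    size_t cap = (size_t)1 << 20;   /* assumed 1 MiB policy limit */
    int rc;

    /* Constructed inputs: the value from the report and an ordinary one. */
    printf("naive size for 4294967295: %u\n",
           (unsigned)naive_alloc_size(UINT32_MAX));
    rc = parse_min_len("4294967295", cap, &size);
    printf("checked 4294967295: rc=%d\n", rc);
    rc = parse_min_len("4", cap, &size);
    printf("checked 4: rc=%d size=%zu\n", rc, size);
    return 0;
}
```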