
Use-After-Free in Bash

Started by: Corbin Souffrant <corbin.souffrant@gmail.com>
First post: 2018-10-30 12:31 -0700
Last post: 2018-10-30 12:31 -0700
Articles: 1 (1 participant)


#14747 — Use-After-Free in Bash

From: Corbin Souffrant <corbin.souffrant@gmail.com>
Date: 2018-10-30 12:31 -0700
Subject: Use-After-Free in Bash
Message-ID: <mailman.3125.1540929667.1284.bug-bash@gnu.org>

Hello,

I found a reproducible use-after-free in every version of Bash from
4.4-5.0beta, that could potentially be used to escape restricted mode. I
say potentially, because I can get it to crash in restricted mode, but I
haven't gone through the effort of attempting to heap spray to overwrite
function pointers.

I read in previous threads that you don't consider most crashes in Bash to
be security issues, but before I posted something to the public mailing
list, I wanted to be sure that this was the correct place to do so. If not,
who should I email? I have a writeup, with repro and patch that I think
should work. :)

Thanks!
Corbin Souffrant
