bug-cflow
[bug-cflow] Sir, we found a UAF bug in cflow 1.5

From: jone lu
Subject: [bug-cflow] Sir, we found a UAF bug in cflow 1.5
Date: Wed, 26 Dec 2018 02:26:42 +0000

Sir,

Through fuzz testing, we obtained a PoC sample for cflow 1.5. After analysis, we found that the delete_symbol function did not clear the global variable caller when the symbol was released. When the function data_in_list was processed, the global variable caller, which had already been released, was accessed, triggering the UAF vulnerability. The PoC sample is in the attachment. Thank you for your patience!

Attachment: bug.zip
Description: bug.zip
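
A minimal C model of the lifetime bug described in the message above, with the release path hardened. It is an added example, not cflow's source and not the attached PoC: only the names delete_symbol, data_in_list and caller come from the message, while the Symbol layout, MAX_REFS, new_symbol() and record_call() are assumptions.

```c
#include <stdlib.h>

/* Simplified model, NOT cflow's source. Only the names delete_symbol,
 * data_in_list and caller come from the report; the types, fields,
 * new_symbol() and record_call() are assumptions for illustration. */
#define MAX_REFS 8
typedef struct symbol {
    const char *name;
    struct symbol *callee[MAX_REFS];  /* symbols this one references */
    int ncallee;
} Symbol;

static Symbol *caller;  /* global alias to the function being parsed */

Symbol *new_symbol(const char *name)
{
    Symbol *s = calloc(1, sizeof *s);
    if (s) s->name = name;
    return s;
}

/* Linear membership test over a reference list. */
int data_in_list(const Symbol *data, Symbol *const *list, int n)
{
    for (int i = 0; i < n; i++)
        if (list[i] == data) return 1;
    return 0;
}

/* Hardened release: drop the global alias before freeing the memory.
 * Without the check, caller would keep pointing at freed storage. */
void delete_symbol(Symbol *sym)
{
    if (caller == sym)
        caller = NULL;
    free(sym);
}

/* Records "caller references sp". It reads caller->callee, so it must
 * never run with a stale caller. Returns 1 if a reference was added. */
int record_call(Symbol *sp)
{
    if (!caller || caller->ncallee == MAX_REFS) return 0;
    if (data_in_list(sp, caller->callee, caller->ncallee)) return 0;
    caller->callee[caller->ncallee++] = sp;
    return 1;
}
```

Building a reproducer with `-fsanitize=address` is a quick way to confirm that no read of freed memory remains once the alias is cleared on release.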

