Re: [Boost-bugs] [Boost C++ Libraries] #12837: Binary serialization: crash that may allow jump to attacker-controlled address

Subject: Re: [Boost-bugs] [Boost C++ Libraries] #12837: Binary serialization: crash that may allow jump to attacker-controlled address
From: Boost C++ Libraries (noreply_at_[hidden])
Date: 2017-05-04 16:25:16

• Next message: Boost C++ Libraries: "Re: [Boost-bugs] [Boost C++ Libraries] #12741: Linker error in cross compiling with x86_64-w64-mingw32-g++"
• Previous message: F: "Re: [Boost-bugs] [Boost C++ Libraries] #12913: Undefined behaviour in serialization library"

#12837: Binary serialization: crash that may allow jump to attacker-controlled
address
--------------------------------------+---------------------------
  Reporter: jepler@… | Owner: ramey
      Type: Bugs | Status: assigned
 Milestone: To Be Determined | Component: serialization
   Version: Boost Development Trunk | Severity: Problem
Resolution: | Keywords: security
--------------------------------------+---------------------------
Changes (by ramey):

 * status: new => assigned

Comment:

 This is pretty interesting. I'm curious about the fuzz testing setup.
 But I'm not sure what to do about it without undertaking a huge effort -
 which I'm not prepared to do. But you're issue is legitimate and I'm
 going to accept and leave open this issue in case someone wants to take it
 on.

 Thanks for your efforts here. I'm sorry I can't be more helpful.

 Robert Ramey

-- 
Ticket URL: <https://svn.boost.org/trac/boost/ticket/12837#comment:1>
Boost C++ Libraries <http://www.boost.org/>
Boost provides free peer-reviewed portable C++ source libraries.

• Next message: Boost C++ Libraries: "Re: [Boost-bugs] [Boost C++ Libraries] #12741: Linker error in cross compiling with x86_64-w64-mingw32-g++"
• Previous message: F: "Re: [Boost-bugs] [Boost C++ Libraries] #12913: Undefined behaviour in serialization library"

This archive was generated by hypermail 2.1.7 : 2017-05-04 16:29:55 UTC