Use-After-Free in Bash

bug-bash

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Use-After-Free in Bash

From:	Corbin Souffrant
Subject:	Use-After-Free in Bash
Date:	Tue, 30 Oct 2018 12:31:52 -0700

Hello,

I found a reproducible use-after-free in every version of Bash from
4.4-5.0beta, that could potentially be used to escape restricted mode. I
say potentially, because I can get it to crash in restricted mode, but I
haven't gone through the effort of attempting to heap spray to overwrite
function pointers.

I read in previous threads that you don't consider most crashes in Bash to
be security issues, but before I posted something to the public mailing
list, I wanted to be sure that this was the correct place to do so. If not,
who should I email? I have a writeup, with repro and patch that I think
should work. :)

Thanks!
Corbin Souffrant

[Prev in Thread]

Current Thread

[Next in Thread]

Use-After-Free in Bash, Corbin Souffrant <=
- Re: Use-After-Free in Bash, Eduardo Bustamante, 2018/10/30
  - Re: Use-After-Free in Bash, Chet Ramey, 2018/10/30
- Re: Use-After-Free in Bash, Corbin Souffrant, 2018/10/30

Prev by Date: Re: GNUbash v. 4.4.23-5 – Bash identifier location is non-correct in terminal
Next by Date: Re: Use-After-Free in Bash
Previous by thread: GNUbash v. 4.4.23-5 – Bash identifier location is non-correct in terminal
Next by thread: Re: Use-After-Free in Bash
Index(es):
- Date
- Thread