[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Code Execution in Mathematical Context

From: Nils Emmerich
Subject: Code Execution in Mathematical Context
Date: Tue, 4 Jun 2019 13:42:40 +0200
User-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.7.0

Configuration Information [Automatically generated, do not change]:
Machine: x86_64
OS: linux-gnu
Compiler: gcc
Compilation CFLAGS: -g -O2 -Wno-parentheses -Wno-format-security
uname output: Linux VirtualBox 4.18.0-20-generic #21~18.04.1-Ubuntu SMP $
Machine Type: x86_64-pc-linux-gnu

Bash Version: 5.0
Patch Level: 0
Release Status: release

        It is possible to get code execution via a user supplied variable in the mathematical context.         I don't know if this is considered a bug or not, but if not, I think people should be made aware that the mathematical context is unsafe.

        If this is considered a bug I would like to get in contact with someone in charge.

Nils Emmerich

ERNW Research GmbH
Carl-Bosch-Str. 4
69115 Heidelberg
Tel. +49 6221 480390 (Sekretariat)
Handelsregister Mannheim HRB 723285
Geschäftsführer: Dr.-Ing. Andreas Dewald

Blog: www.insinuator.net
Conference: www.troopers.de

reply via email to

[Prev in Thread] Current Thread [Next in Thread]