picasm -- buffer overflow vulnerability

ID 8A3ECE40-3315-11DA-A263-0001020EED82
Type freebsd
Reporter FreeBSD
Modified 2005-05-20T00:00:00


Shaun Colley reports:

When generating error and warning messages, picasm copies strings into fixed-length buffers without bounds checking. If an attacker could trick a user into assembling a source file with a malformed 'error' directive, arbitrary code could be executed with the privileges of the user. This could result in full system compromise.