SIGSEGV at libr/bin/p/bin_coff.c:509 in patch_relocs()

Description radare2 5.8.2 misparses symbol information in COFF files, causing a segmentation fault in patchrelocs at libr/bin/p/bincoff.c:509 Proof of Concept input.bin 00000000: 6603 e846 4058 6458 4036 5858 5858 5868 f..F@XdX@6XXXXXh 00000010: 5858 7063 5858 5840 0038 00de 57ff ffff...

PoC

Scripts for porting debug symbol information idb2patriprel...

Fedora 15 : asterisk-1.8.3-1.fc15 (2011-2360)

The Asterisk Development Team has announced the release of Asterisk 1.8.3. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/ The release of Asterisk 1.8.3 resolves several issues reported by the community and would have not been possible...

security flaw

GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, and 2.3.2 before 2.3.2-r10 does not restrict the use of LDDEBUG for a setuid program, which allows local users to gain sensitive information, such as the list of symbols used by the program...