search

logological / gpp

GPP, a generic preprocessor
https://logological.org/gpp
GNU Lesser General Public License v3.0
192 stars 33 forks source link

gpp: Segmentation fault #26

Closed tr3ee closed 4 years ago

tr3ee commented 5 years ago

When using the file below, GPP will try to use more memory space than is available on the stack.

poc_gpp.txt

This can lead to denial of service attacks, even remote code execution in specific situations

tr3ee commented 5 years ago

CVE-2018-17076 has been assigned to this.

kmpatel commented 5 years ago

I'm looking at the 'poc_gpp.txt' file, and see a binary. Am I seeing it incorrectly, or is the issue the importance of screening for binary files?

logological commented 3 years ago

@tr3ee: Thank you for the report. As you may have seen, the issue has been fixed and a new release issued.