Add CVE-2017-15020 from ASan'ed binutils 2.29

author: Nguyễn Gia Phong <cnx@loang.net> 2025-02-16 18:08:36 +0900
committer: Nguyễn Gia Phong <cnx@loang.net> 2025-02-18 11:21:27 +0900
commit: a67219d8ae7cdb76f67cd6a7b377dbd20b4123f9 (patch)
tree: 3388642f0426d9f665370b0b729d4eba45a9844f /README.md
parent: c336fdfa6ca6b33015f6bdc6e460d754e7f2c907 (diff)
download: loftix-a67219d8ae7cdb76f67cd6a7b377dbd20b4123f9.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/README.md b/README.md
index 316e633..eb14e25 100644
--- a/README.md
+++ b/README.md
@@ -67,6 +67,13 @@ Then run `guix pull`.
     guix shell binutils@2.29
     objdump -d bugs/cve/2017/14745/crash_1
 
+### CVE-2017-15020
+
+[binutils: heap buffer overflow][sourceware-22202]
+
+    guix shell binutils@2.29
+    nm -l bugs/cve/2017/15020/reproducer
+
 ### CVE-2017-15025
 
 [binutils: divide-by-zero][sourceware-22186]
@@ -97,5 +104,6 @@ Then run `guix pull`.
 [jasper-d42b238]: https://blogs.gentoo.org/ago/2016/11/19/jasper-signed-integer-overflow-in-jas_image-c
 [oss-sec-20161105-3]: https://www.openwall.com/lists/oss-security/2016/11/05/3
 [sourceware-22148]: https://sourceware.org/bugzilla/show_bug.cgi?id=22148
+[sourceware-22202]: https://sourceware.org/bugzilla/show_bug.cgi?id=22202
 [sourceware-22186]: https://sourceware.org/bugzilla/show_bug.cgi?id=22186
 [mozjpeg-268]: https://github.com/mozilla/mozjpeg/issues/268
author	Nguyễn Gia Phong <cnx@loang.net>	2025-02-16 18:08:36 +0900
committer	Nguyễn Gia Phong <cnx@loang.net>	2025-02-18 11:21:27 +0900
commit	a67219d8ae7cdb76f67cd6a7b377dbd20b4123f9 (patch)
tree	3388642f0426d9f665370b0b729d4eba45a9844f /README.md
parent	c336fdfa6ca6b33015f6bdc6e460d754e7f2c907 (diff)
download	loftix-a67219d8ae7cdb76f67cd6a7b377dbd20b4123f9.tar.gz