Hi,
I found several security vulnerabilities in the ELF hash section parsing
(division by zero, heap out-of-bounds reads, integer overflow) that can be
triggered by a crafted ELF file. All confirmed with AddressSanitizer.
I couldn't find a SECURITY.md or private disclosure channel in the repo.
What is the preferred way to report security issues? I can share full
details, PoCs, and a patch PR through whatever channel you prefer.
Thanks
Hi,
I found several security vulnerabilities in the ELF hash section parsing
(division by zero, heap out-of-bounds reads, integer overflow) that can be
triggered by a crafted ELF file. All confirmed with AddressSanitizer.
I couldn't find a SECURITY.md or private disclosure channel in the repo.
What is the preferred way to report security issues? I can share full
details, PoCs, and a patch PR through whatever channel you prefer.
Thanks