Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 716732 (CVE-2020-10814)

Summary: dev-util/codeblocks: Remote code execution via crafted project file (CVE-2020-10814)
Product: Gentoo Security Reporter: Sam James <sam>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: CONFIRMED ---    
Severity: normal CC: proxy-maint, torokhov-s-a, wxwidgets
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://sourceforge.net/p/codeblocks/tickets/934/
Whiteboard: B2 [upstream cve]
Package list:
Runtime testing required: ---

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-04-08 21:08:04 UTC
Description:
"A buffer overflow vulnerability in Code::Blocks 17.12 allows an attacker to execute arbitrary code via a crafted project file."
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-11 03:07:14 UTC
Seemingly still vulnerable. At least, I was able to get a stack trace full of 0x41's after following the reproduction instructions and trying to make a debug build.

Unfortunately, upstream's closed the report as invalid and URL is dead after their domain expired. Wayback link: https://web.archive.org/web/20200818054319/https://www.povonsec.com/codeblocks-security-vulnerability/