> From: Richard Braun <[email protected]> > Sent: Monday 19 July 2021 12:26 > To: Tommy Murphy <[email protected]> > Cc: OpenOCD <[email protected]>; Ooi, Cinly > <[email protected]> > Subject: Re: Potential NULL byte injection > > Without the issue, the impact of > a malicious/faulty input is restricted to what openocd can do. With it, > it's restricted to what the operating system allows the hacked program > to do, and without sandboxing, it can basically rm -rf or whatever.
Perhaps you can you illustrate how NULL byte injection can be used to make openocd execute rm -rf?
