*** This bug is a security vulnerability ***

Public security bug reported:

Binary package hint: malbolge

The Malbolge 0.1.1 interpreter fails to sufficiently sanitize its input source. In particular, it fails to throw an error when it detects a non-ASCII character in the source, contrary to the language specification:

“When the interpreter tries to execute a program, it first checks to see if the current instruction is a graphical ASCII character (33 through 126). … If the original character is not graphic ASCII, the program is immediately ended.”

As discovered by Lou Scheffer, this vulnerability makes it possible for an attacker to circumvent Malbolge’s encryption and write useful programs. Sample exploit code is given at <http://www.lscheffer.com/malbolge.shtml>.

A patch is attached.

** Affects: msk
   Importance: Undecided
   Status: New

** Affects: malbolge (Ubuntu)
   Importance: Undecided
   Status: New

--
Insufficient input sanitization leads to arbitrary code execution
https://bugs.launchpad.net/bugs/210098
