objdump DLX Backend OOB Write Calc PoC
Summary
A crafted ELF/DLX object, processed with objdump -g, reaches a hijacked callback that launches calc; the PoC uses an ASLR-relative delta strategy. Credit: 4D4J/objdump-Out-Of-Bounds-write. This proof-of-concept is one of 30 folders in the Exploitarium collection. OFFSITE.DARK summarizes the upstream README and PoC design; we did not discover or weaponize this flaw.
Key Findings
| Finding | Detail |
|---|---|
| Product / target | GNU objdump 2.46.1 dlx-elf / binutils-gdb master |
| Primitive | DLX debug section heap overwrite → hijacked callback |
| Impact | Local arbitrary code execution (ACE) when a victim runs objdump on a malicious DLX object; not network RCE. |
Attack Chain
objdump -g crafted.bin → overwrite adjacent pointer → P helper launches calc
Mitigation
Do not run objdump on untrusted objects; update binutils when fixes ship.
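One way to enforce this in an automated analysis pipeline, shown as an added example that is not part of the upstream PoC or of binutils: read the ELF header and route DLX objects to quarantine instead of passing them to objdump. It assumes the DLX backend is selected by e_machine == EM_DLX (0x5aa5 in binutils' include/elf/common.h); the function names and sample headers are constructed for illustration, and an "other-elf" result says nothing about whether the file is safe.

```python
import struct

ELF_MAGIC = b"\x7fELF"
EM_DLX = 0x5AA5   # DLX machine number, binutils include/elf/common.h
EI_DATA = 5       # e_ident index of the byte-order flag
E_MACHINE_OFF = 18


def elf_machine(header: bytes):
    """Return e_machine, or None if the bytes are not a parseable ELF header."""
    if len(header) < 20 or header[:4] != ELF_MAGIC:
        return None
    # EI_DATA: 1 = little-endian, 2 = big-endian; anything else is malformed.
    order = {1: "<", 2: ">"}.get(header[EI_DATA])
    if order is None:
        return None
    (machine,) = struct.unpack_from(order + "H", header, E_MACHINE_OFF)
    return machine


def triage(header: bytes) -> str:
    """Classify a file by header: quarantine DLX, pass others to normal handling."""
    machine = elf_machine(header)
    if machine is None:
        return "unparseable"
    return "quarantine" if machine == EM_DLX else "other-elf"


def triage_file(path: str) -> str:
    """Triage a file on disk using only its first 20 bytes."""
    with open(path, "rb") as fh:
        return triage(fh.read(20))


def sample_header(ei_data: int, machine: int) -> bytes:
    """Constructed 20-byte ELF32 header prefix (e_ident, e_type, e_machine)."""
    order = "<" if ei_data == 1 else ">"
    ident = ELF_MAGIC + bytes([1, ei_data, 1]) + bytes(9)
    return ident + struct.pack(order + "HH", 1, machine)


if __name__ == "__main__":
    for label, hdr in [("dlx big-endian", sample_header(2, EM_DLX)),
                       ("i386", sample_header(1, 3)),
                       ("not elf", b"MZ" + bytes(18))]:
        print(f"{label}: {triage(hdr)}")
```

Run the check before any objdump invocation in the pipeline, and inspect quarantined files only in a disposable sandbox.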