OFFSITE.DARK
← Signals

Jun 29, 2026

1 min

Sploitus / Exploitarium

  • binutils
  • objdump
  • elf
  • exploitarium

news

objdump DLX Backend OOB Write Calc PoC

Crafted ELF/DLX objects via objdump -g reach calc callback — ASLR-relative delta strategy; credit 4D4J/objdump-Out-Of-Bounds-write.

Summary

Crafted ELF/DLX objects via objdump -g reach calc callback — ASLR-relative delta strategy; credit 4D4J/objdump-Out-Of-Bounds-write. This proof-of-concept is one of 30 folders in the Exploitarium collection. OFFSITE.DARK summarizes the upstream README and PoC design; we did not discover or weaponize this flaw.

Key Findings

FindingDetail
Product / targetGNU objdump 2.46.1 dlx-elf / binutils-gdb master
PrimitiveDLX debug section heap overwrite → hijacked callback
ImpactLocal ACE when victim runs objdump on malicious DLX object (not network RCE).

Attack Chain

objdump -g crafted.bin → overwrite adjacent pointer → P helper launches calc

Mitigation

Do not run objdump on untrusted objects; update binutils when fixes ship.

Related Signals

Sources

→ Source