Author Topic: Security vulnerability  (Read 1148 times)

Offline m4ko

  • Single posting newcomer
  • Posts: 1
Security vulnerability
« on: March 26, 2020, 10:20:17 am »
Hello,

I am a security researcher and I have discovered a security vulnerability in the Code::Blocks IDE 17.12 (newest version). It's a high severity Remote Code Execution vulnerability.

Where do I report it?

Offline raynebc

  • Almost regular
  • Posts: 217
Re: Security vulnerability
« Reply #1 on: March 26, 2020, 04:54:00 pm »
The first thing you'd want to do is see if it's been fixed in the years since the 17.12 release.  Newer pre-release builds are here:
http://forums.codeblocks.org/?board=20.0

Online oBFusCATed

  • Developer
  • Lives here!
  • Posts: 12897
Re: Security vulnerability
« Reply #2 on: March 26, 2020, 08:40:26 pm »
PM me. But I doubt there is anything "serious"/fixable. After all C::B is executing compilers/linkers which generate executables, so it is insecure by nature :)
(most of the time I ignore long posts)
[strangers don't send me private messages, I'll ignore them; post a topic in the forum, but first read the rules!]

Offline sodev

  • Regular
  • Posts: 405
Re: Security vulnerability
« Reply #3 on: March 26, 2020, 09:08:53 pm »
> Remote Code Execution vulnerability

I wonder though how can you access something remotely of CodeBlocks? After all it is a desktop application without any server functionality?

Offline stahta01

  • Lives here!
  • Posts: 7012
Re: Security vulnerability
« Reply #4 on: March 26, 2020, 10:03:24 pm »
> > Remote Code Execution vulnerability
>
> I wonder though how can you access something remotely of CodeBlocks? After all it is a desktop application without any server functionality?

I can see the non-working cb_koders plugin being a possible vector.
Or, the devpack plugin. Which is almost bad enough to call non-working.

Tim S.
C Programmer working to learn more about C++ and Git.
On Windows 7 64 bit and Windows 10 32 bit.
On Debian Stretch, compiling CB Trunk against wxWidgets 3.0.
--
When in doubt, read the CB WiKi FAQ. http://wiki.codeblocks.org

Offline MortenMacFly

  • Administrator
  • Lives here!
  • Posts: 9604
Re: Security vulnerability
« Reply #5 on: March 29, 2020, 04:52:38 pm »
> Where do I report it?

Please, report things like that to one of the devs/admins via personal message. Thank you.
Compiler logging: Settings->Compiler & Debugger->tab "Other"->Compiler logging="Full command line"
C::B Manual: http://www.codeblocks.org/docs/main_codeblocks_en.html
C::B FAQ: http://wiki.codeblocks.org/index.php?title=FAQ

Online oBFusCATed

  • Developer
  • Lives here!
  • Posts: 12897
Re: Security vulnerability
« Reply #6 on: March 29, 2020, 05:18:53 pm »
Ticket 934 if you want to look at this.