Developer forums (C::B DEVELOPMENT STRICTLY!) > Contributions to C::B
Security vulnerability
m4ko:
Hello,
I am a security researcher and I have Discovered a security vulnerability in the Code::Blocks IDE 17.12 (newest version). It's a high severity Remote Code Execution vulnerability.
Where do I report it?
raynebc:
The first thing you'd want to do is see if it's been fixed in the years since the 17.12 release. Newer pre-release builds are here:
http://forums.codeblocks.org/?board=20.0
oBFusCATed:
PM me. But I doubt there is anything "serious"/fixable. After all C::B is executing compilers/linkers which generate executables, so it is insecure by nature :)
sodev:
--- Quote from: m4ko on March 26, 2020, 10:20:17 am ---Remote Code Execution vulnerability
--- End quote ---
I wonder though how can you access something remotely of CodeBlocks? After all it is a desktop application without any server functionality?
stahta01:
--- Quote from: sodev on March 26, 2020, 09:08:53 pm ---
--- Quote from: m4ko on March 26, 2020, 10:20:17 am ---Remote Code Execution vulnerability
--- End quote ---
I wonder though how can you access something remotely of CodeBlocks? After all it is a desktop application without any server functionality?
--- End quote ---
I can see the non-working cb_koders plugin being a possible vector.
Or, the devpack plugin. Which is almost bad enough to call non-working.
Tim S.
Navigation
[0] Message Index
[#] Next page
Go to full version