card.io-Android-SDK icon indicating copy to clipboard operation
card.io-Android-SDK copied to clipboard

Published 20 hours ago verified publisher icon card-io

Library binary is built with “elf” without stack protection

Open chaitusy09 opened this issue 7 years ago • 3 comments

General information

  • SDK/Library version:
  • Android Version and Device:

Issue description

chaitusy09 avatar Mar 05 '17 13:03 chaitusy09

library binary is built with “elf” without stack protection. The vulnerable binary files are below in detailed steps. Stack canaries can greatly increase the difficulty of exploiting a stack buffer overflow because it forces the attacker to gain control of the instruction pointer by some non-traditional means such as corrupting other important variables on the stack. Risk Description Lack of stack Protection motivate adversary for exploiting a stack buffer overflow Detailed Steps lib\arm64-v8a\libopencv_core.so lib\arm64-v8a\libopencv_imgproc.so lib\armeabi-v7a\libopencv_core.so lib\armeabi-v7a\libopencv_imgproc.so lib\x86\libcardioDecider.so lib\x86\libcardioRecognizer.so lib\x86\libcardioRecognizer_tegra2.so lib\x86\libopencv_core.so lib\x86\libopencv_imgproc.so lib\x86_64\libcardioDecider.so lib\x86_64\libcardioRecognizer.so lib\x86_64\libcardioRecognizer_tegra2.so lib\x86_64\libopencv_core.so

can you give solution for this.

chaitusy09 avatar Mar 05 '17 13:03 chaitusy09

Please supply the version of card.io and what source/tool you are getting this message from.

lkorth avatar Mar 09 '17 15:03 lkorth

Just Curious, if you use gradle compile will you be getting the same Issue? Thanks

dhiwakarmani avatar Apr 04 '17 13:04 dhiwakarmani