Security vulnerability

m4ko · March 26, 2020, 10:20:17 AM

Hello,

I am a security researcher and I have Discovered a security vulnerability in the Code::Blocks IDE 17.12 (newest version). It's a high severity Remote Code Execution vulnerability.

Where do I report it?

raynebc · March 26, 2020, 04:54:00 PM

The first thing you'd want to do is see if it's been fixed in the years since the 17.12 release. Newer pre-release builds are here:
http://forums.next.codeblocks.org/?board=20.0

oBFusCATed · March 26, 2020, 08:40:26 PM

PM me. But I doubt there is anything "serious"/fixable. After all C::B is executing compilers/linkers which generate executables, so it is insecure by nature

sodev · March 26, 2020, 09:08:53 PM

Quote from: m4ko on March 26, 2020, 10:20:17 AM
Remote Code Execution vulnerability

I wonder though how can you access something remotely of CodeBlocks? After all it is a desktop application without any server functionality?

stahta01 · March 26, 2020, 10:03:24 PM

Quote from: sodev on March 26, 2020, 09:08:53 PM
Quote from: m4ko on March 26, 2020, 10:20:17 AM
Remote Code Execution vulnerability

I wonder though how can you access something remotely of CodeBlocks? After all it is a desktop application without any server functionality?

I can see the non-working cb_koders plugin being a possible vector.
Or, the devpack plugin. Which is almost bad enough to call non-working.

Tim S.

MortenMacFly · March 29, 2020, 04:52:38 PM

Quote from: m4ko on March 26, 2020, 10:20:17 AM
Where do I report it?

Please, report things like that to one of the devs/admins via personal message Thank you.

oBFusCATed · March 29, 2020, 05:18:53 PM

Ticket 934 if you want to look at this.

Code::Blocks Forums

News:

Security vulnerability

m4ko

raynebc

oBFusCATed

sodev

stahta01

MortenMacFly

oBFusCATed