Описание
A NULL pointer dereference was discovered in elf_link_add_object_symbols in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31.1. This occurs for a crafted ET_DYN with no program headers. A specially crafted ELF file allows remote attackers to cause a denial of service, as demonstrated by ld.
Отчет
This vulnerability is rated as low severity because it allows an attacker to cause a denial of service through a NULL pointer dereference, this flaw would crash the application, but it does not affect system integrity or data confidentiality. This issue did not affect the versions of binutils as shipped with Red Hat Enterprise Linux 5, 6, and 7 as they did not include the vulnerable code, which was introduced in a newer version of the package.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | binutils | Not affected | ||
| Red Hat Enterprise Linux 6 | binutils | Not affected | ||
| Red Hat Enterprise Linux 7 | binutils | Not affected | ||
| Red Hat Enterprise Linux 8 | binutils | Will not fix | ||
| Red Hat Enterprise Linux 8 | mingw-binutils | Will not fix |
Показывать по
Дополнительная информация
Статус:
EPSS
3.3 Low
CVSS3
Связанные уязвимости
A NULL pointer dereference was discovered in elf_link_add_object_symbols in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31.1. This occurs for a crafted ET_DYN with no program headers. A specially crafted ELF file allows remote attackers to cause a denial of service, as demonstrated by ld.
A NULL pointer dereference was discovered in elf_link_add_object_symbols in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31.1. This occurs for a crafted ET_DYN with no program headers. A specially crafted ELF file allows remote attackers to cause a denial of service, as demonstrated by ld.
A NULL pointer dereference was discovered in elf_link_add_object_symbo ...
A NULL pointer dereference was discovered in elf_link_add_object_symbols in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31.1. This occurs for a crafted ET_DYN with no program headers. A specially crafted ELF file allows remote attackers to cause a denial of service, as demonstrated by ld.
Уязвимость функции elf_link_add_object_symbols в GNU Binutils, связанная с разыменованием указателя NULL, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
3.3 Low
CVSS3