Описание
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing '\0' character.
An out-of-bounds read was discovered in Binutils while it processes a malformed ELF relocatable file (.o file). A victim user who uses Binutils tools (size, gdb, readelf) to analyze untrusted binaries, may be vulnerable to a denial of service attack.
Отчет
Exploitation of this bug specifically requires the victim to analyze a maliciously crafted binary using a tool that uses a vulnerable version of libbfd. No binary under normal circumstances, omits the '\0' in SHT_GROUP, that is a prerequisite for this attack to work. It is neither common practice, nor recommended to analyze untrusted binaries outside a sandbox. Therefore RH ProdSec has set the Impact of this bug to "Low".
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | binutils | Out of support scope | ||
| Red Hat Enterprise Linux 5 | binutils220 | Out of support scope | ||
| Red Hat Enterprise Linux 6 | binutils | Out of support scope | ||
| Red Hat Enterprise Linux 7 | binutils | Fix deferred | ||
| Red Hat Enterprise Linux 8 | binutils | Fix deferred | ||
| Red Hat Enterprise Linux 8 | gcc-toolset-9-binutils | Fix deferred |
Показывать по
Дополнительная информация
Статус:
5.5 Medium
CVSS3
Связанные уязвимости
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing '\0' character.
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing '\0' character.
An issue was discovered in the Binary File Descriptor (BFD) library (a ...
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing '\0' character.
5.5 Medium
CVSS3