Description
A flaw was found in binutils readelf 2.35 program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack buffer overflow, out-of-bounds write of arbitrary data supplied by the attacker. The highest impact of this flaw is to confidentiality, integrity, and availability.
A flaw was found in binutils' readelf program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack buffer overflow, an out-of-bounds write of arbitrary data supplied by the attacker. The highest impact of this flaw is to confidentiality, integrity, and availability.
Statement
The issue is classified as moderate severity primarily because binutils is not typically exposed to untrusted inputs in most environments, which limits its exploitation potential. The buffer overflow only triggers during the parsing of malformed ELF files, so an attacker would have to convince a user to process a malicious ELF file with readelf. Moreover, binutils does not perform privileged operations, so exploitation is unlikely to lead to system compromise or privilege escalation. Additionally, the impact is confined to the readelf process itself, without affecting the broader system or network security. Under the upstream binutils security policy this issue is not considered a security flaw. The key element of that policy is the understanding that analysis of untrusted binaries must always be done in a sandbox, because the ELF format is open-ended enough to make the analysis tools do almost anything, including reading and processing arbitrary files. This eliminates the only possible vulnerability vector here: a user being tricked into downloading and analyzing an untrusted ELF file without sandboxing. See the binutils security policy for more details: https://sourceware.org/cgit/binutils-gdb/tree/binutils/SECURITY.txt
Mitigation
Stack canaries, a non-executable stack (NX), and address space layout randomization (ASLR) are binary hardening protections enabled in Red Hat Enterprise Linux 7 and 8 that should greatly limit the impact of this flaw. An additional mitigation is to not use readelf to read files from untrusted sources. To learn more about binary hardening protections in Red Hat Enterprise Linux, please see https://access.redhat.com/articles/65299
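The mitigation above relies on the readelf binary itself having been built with these protections. The following script is an added example (not part of the Red Hat advisory or of binutils) that reads the ELF64 header and program headers directly, without invoking readelf, and reports the three indicators a defender can verify from the file alone: PIE (e_type == ET_DYN, needed for ASLR to randomize the code segment), a non-executable stack (a PT_GNU_STACK program header without PF_X), and the presence of the `__stack_chk_fail` symbol name as a heuristic for stack canaries. The `build_sample_elf` fixture constructs a minimal, non-loadable ELF image purely so the checks can be exercised offline; the function and constant names are this example's own.

```python
import struct
import sys

# ELF constants (from the ELF specification and the GNU ABI)
ET_EXEC, ET_DYN = 2, 3
PT_GNU_STACK = 0x6474E551
PF_X, PF_W, PF_R = 0x1, 0x2, 0x4


def check_hardening(data: bytes) -> dict:
    """Return PIE / NX-stack / canary indicators for a 64-bit little-endian ELF image.

    The canary check is a raw substring scan for the __stack_chk_fail symbol
    name, the same heuristic used by common checksec scripts; a positive hit
    shows the binary references the canary failure handler, not that every
    function is instrumented.
    """
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[4] != 2 or data[5] != 1:
        raise ValueError("only ELFCLASS64 little-endian images are handled here")

    # Elf64_Ehdr: e_type at offset 16, e_phoff at 32, e_phentsize/e_phnum at 54
    e_type = struct.unpack_from("<H", data, 16)[0]
    e_phoff = struct.unpack_from("<Q", data, 32)[0]
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)

    # None means no PT_GNU_STACK entry: stack executability is then left to the
    # kernel default, which older toolchains treated as executable.
    nx = None
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        p_type, p_flags = struct.unpack_from("<II", data, off)
        if p_type == PT_GNU_STACK:
            nx = not (p_flags & PF_X)

    return {
        "pie": e_type == ET_DYN,
        "nx": nx,
        "canary": b"__stack_chk_fail" in data,
    }


def build_sample_elf(e_type: int, stack_flags: int, with_canary_symbol: bool) -> bytes:
    """Construct a minimal ELF64 image with one PT_GNU_STACK header (test fixture only).

    The image is not loadable; it exists so check_hardening can be run offline
    on both a hardened-looking and an unhardened-looking input.
    """
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)   # ELFCLASS64, LSB, version 1
    ehdr = ident + struct.pack(
        "<HHIQQQIHHHHHH",
        e_type, 62, 1,      # e_type, e_machine (x86-64), e_version
        0, 64, 0,           # e_entry, e_phoff (right after the 64-byte header), e_shoff
        0, 64, 56, 1,       # e_flags, e_ehsize, e_phentsize, e_phnum
        0, 0, 0,            # e_shentsize, e_shnum, e_shstrndx
    )
    phdr = struct.pack("<IIQQQQQQ", PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 0x10)
    tail = b"__stack_chk_fail\0" if with_canary_symbol else b""
    return ehdr + phdr + tail


def describe(result: dict) -> str:
    """Render the indicator dict as one line per protection."""
    nx_text = {True: "yes", False: "NO (executable stack)", None: "unknown (no PT_GNU_STACK)"}
    return "\n".join([
        f"PIE/ASLR-ready : {'yes' if result['pie'] else 'NO'}",
        f"NX stack       : {nx_text[result['nx']]}",
        f"Stack canary   : {'yes' if result['canary'] else 'NO'}",
    ])


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # e.g. python check_hardening.py /usr/bin/readelf
        with open(sys.argv[1], "rb") as fh:
            print(describe(check_hardening(fh.read())))
    else:
        # Offline demonstration on the constructed fixtures
        print(describe(check_hardening(build_sample_elf(ET_DYN, PF_R | PF_W, True))))
        print()
        print(describe(check_hardening(build_sample_elf(ET_EXEC, PF_R | PF_W | PF_X, False))))
```

Run it against the installed readelf (`python check_hardening.py /usr/bin/readelf`) to confirm that the protections the advisory counts on are actually present in the build in use; a build reporting an executable stack or no PIE should be treated as receiving less mitigation than the statement assumes. Running readelf on unknown inputs still belongs inside a sandbox regardless of the result.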
Affected Packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | binutils | Out of support scope | | |
| Red Hat Enterprise Linux 7 | binutils | Out of support scope | | |
| Red Hat Enterprise Linux 8 | binutils | Not affected | | |
| Red Hat Enterprise Linux 8 | gcc-toolset-10-binutils | Will not fix | | |
| Red Hat Enterprise Linux 8 | gcc-toolset-9-binutils | Will not fix | | |
| Red Hat Enterprise Linux 9 | binutils | Not affected | | |
Additional information
Status:
EPSS
7 High
CVSS3
Related vulnerabilities