Описание
stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699.
An out-of-bounds flaw was found in binutils’ stabs functionality. The attack needs to be initiated locally where an attacker could convince a victim to read a specially crafted file that is processed by objdump, leading to the disclosure of memory and possibly leading to the execution of arbitrary code or causing the utility to crash.
Отчет
The issue is classified as moderate severity primarily because binutils is not typically exposed to untrusted inputs in most environments, limiting its exploitation potential. Moreover, binutils does not handle privileged operations, meaning exploitation is unlikely to lead to system compromise or escalation of privileges. Additionally, the impact is localized to the application itself, without affecting the broader system or network security. As per upstream binutils security policy this issue is not considered as a security flaw. Basically the key element of the policy that affects this is the understanding that analysis of untrusted binaries must always be done in a sandbox because the ELF format is open ended enough to make the analysis tools do anything, like including and processing arbitrary files. This eliminates the only possible vulnerability vector here, which is the possibility of a user being tricked into downloading and analyzing an untrusted ELF without sandboxing. See the binutils security policy for more details: https://sourceware.org/cgit/binutils-gdb/tree/binutils/SECURITY.txt Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer to CWE-787: Out-of-bounds Write vulnerability, and therefore downgrades the severity of this particular CVE from Moderate to Low. Boundary protection, access enforcement, and least privilege controls limit access to the platform and memory, ensuring only authorized users and processes can interact with sensitive components. This reduces the risk of attackers exploiting memory vulnerabilities. Configuration management controls like baseline configuration and least functionality can help prevent vulnerability exploitation by enforcing secure system configurations, enabling memory protection, and removing unnecessary services, ports, or functions that could be exploited. Memory protection controls mitigate the risk of potential memory corruption by enforcing runtime protections. Finally, process isolation and encryption of data at rest reduce the potential impacts in the case of successful exploitation by isolating compromised processes and ensuring sensitive data remains secure even in the event of memory corruption.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | binutils | Out of support scope | ||
| Red Hat Enterprise Linux 7 | binutils | Out of support scope | ||
| Red Hat Enterprise Linux 8 | binutils | Will not fix | ||
| Red Hat Enterprise Linux 8 | gcc-toolset-10-binutils | Will not fix | ||
| Red Hat Enterprise Linux 8 | gcc-toolset-11-binutils | Will not fix | ||
| Red Hat Enterprise Linux 8 | gcc-toolset-9-binutils | Will not fix | ||
| Red Hat Enterprise Linux 8 | mingw-binutils | Not affected | ||
| Red Hat Enterprise Linux 9 | binutils | Will not fix | ||
| Red Hat Enterprise Linux 9 | mingw-binutils | Will not fix |
Показывать по
Дополнительная информация
Статус:
7.8 High
CVSS3
Связанные уязвимости
stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699.
stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699.
stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows ...
7.8 High
CVSS3