Описание
A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the affected component.
A vulnerability was found in GNU Binutils 2.40 to version 2.44 and affects the elf_gc_sweep function of the bfd/elflink.c file of the component ld. The manipulation leads to memory corruption and a program crash. An attacker must have local access to exploit this vulnerability.
Отчет
The vulnerability relies upon the linker's -w command line option, which disables warnings and forces the linker to continue working even though it knows that it cannot produce valid output. With this option enabled a code path is exposed which leads to a dereferencing of a NULL pointer and the segmentation fault. The -w command line option was introduced with the 2.40 release.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | gcc-toolset-15-binutils | Fix deferred | ||
| Red Hat Enterprise Linux 10 | gdb | Fix deferred | ||
| Red Hat Enterprise Linux 10 | mingw-binutils | Fix deferred | ||
| Red Hat Enterprise Linux 6 | binutils | Fix deferred | ||
| Red Hat Enterprise Linux 7 | binutils | Not affected | ||
| Red Hat Enterprise Linux 7 | gdb | Not affected | ||
| Red Hat Enterprise Linux 8 | binutils | Not affected | ||
| Red Hat Enterprise Linux 8 | gcc-toolset-13-binutils | Fix deferred | ||
| Red Hat Enterprise Linux 8 | gcc-toolset-13-gdb | Fix deferred | ||
| Red Hat Enterprise Linux 8 | gcc-toolset-14-binutils | Fix deferred |
Показывать по
Ссылки на источники
Дополнительная информация
Статус:
EPSS
4 Medium
CVSS3
Связанные уязвимости
A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the affected component.
A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the affected component.
A vulnerability was found in GNU Binutils up to 2.44. It has been rate ...
EPSS
4 Medium
CVSS3