Описание
GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an abort (SIGABRT) when processing a crafted ELF binary with malformed DWARF abbrev or debug information. Due to incomplete state cleanup in process_debug_info(), an invalid debug_info_p state may propagate into DWARF attribute parsing routines. When certain malformed attributes result in an unexpected data length of zero, byte_get_little_endian() triggers a fatal abort. No evidence of memory corruption or code execution was observed; the impact is limited to denial of service.
A flaw was found in binutils. Processing a specially crafted ELF binary file containing malformed DWARF abbrev or debug information with the readelf program using the -w abbrev command line option can trigger an abort, causing a crash and resulting in a denial of service.
Отчет
This issue is classified with a low severity primarily because binutils is not typically exposed to untrusted inputs in most environments, limiting the possibility of exploitation. Additionally, this reachable abort is only triggered during the parsing of a specially crafted file, requiring an attacker to convince a user to process this file with readelf. Furthermore, binutils does not handle privileged operations, meaning that exploitation is unlikely to lead to system compromise or escalation of privileges. Also, the impact is limited to the application itself, without affecting the broader system or network security.
Меры по смягчению последствий
To mitigate this vulnerability, do not process untrusted, unverified or externally supplied ELF binaries with the readelf program.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | binutils | Fix deferred | ||
| Red Hat Enterprise Linux 10 | gcc-toolset-15-binutils | Fix deferred | ||
| Red Hat Enterprise Linux 10 | gdb | Fix deferred | ||
| Red Hat Enterprise Linux 10 | mingw-binutils | Fix deferred | ||
| Red Hat Enterprise Linux 6 | binutils | Fix deferred | ||
| Red Hat Enterprise Linux 7 | binutils | Fix deferred | ||
| Red Hat Enterprise Linux 7 | gdb | Fix deferred | ||
| Red Hat Enterprise Linux 8 | binutils | Fix deferred | ||
| Red Hat Enterprise Linux 8 | gcc-toolset-14-binutils | Fix deferred | ||
| Red Hat Enterprise Linux 8 | gcc-toolset-14-gdb | Fix deferred |
Показывать по
Дополнительная информация
Статус:
EPSS
3.3 Low
CVSS3
Связанные уязвимости
GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an abort (SIGABRT) when processing a crafted ELF binary with malformed DWARF abbrev or debug information. Due to incomplete state cleanup in process_debug_info(), an invalid debug_info_p state may propagate into DWARF attribute parsing routines. When certain malformed attributes result in an unexpected data length of zero, byte_get_little_endian() triggers a fatal abort. No evidence of memory corruption or code execution was observed; the impact is limited to denial of service.
GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an abort (SIGABRT) when processing a crafted ELF binary with malformed DWARF abbrev or debug information. Due to incomplete state cleanup in process_debug_info(), an invalid debug_info_p state may propagate into DWARF attribute parsing routines. When certain malformed attributes result in an unexpected data length of zero, byte_get_little_endian() triggers a fatal abort. No evidence of memory corruption or code execution was observed; the impact is limited to denial of service.
GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an abort (SIGABRT) when processing a crafted ELF binary with malformed DWARF abbrev or debug information. Due to incomplete state cleanup in process_debug_info(), an invalid debug_info_p state may propagate into DWARF attribute parsing routines. When certain malformed attributes result in an unexpected data length of zero, byte_get_little_endian() triggers a fatal abort. No evidence of memory corruption or code execution was observed; the impact is limited to denial of service.
GNU Binutils thru 2.46 readelf contains a vulnerability that leads to ...
GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an abort (SIGABRT) when processing a crafted ELF binary with malformed DWARF abbrev or debug information. Due to incomplete state cleanup in process_debug_info(), an invalid debug_info_p state may propagate into DWARF attribute parsing routines. When certain malformed attributes result in an unexpected data length of zero, byte_get_little_endian() triggers a fatal abort. No evidence of memory corruption or code execution was observed; the impact is limited to denial of service.
EPSS
3.3 Low
CVSS3