CVE-2017-15023

Published: 10/4/2017 Last updated: 8/5/2024 Reserved: 10/4/2017

read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not properly validate the format count, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename.

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Opam packages affected (3)

bap-std clangml conf-binutils

Products affected (1)

Product	Vendor	Version
n/a	n/a	22.0 ap378866

References (10)

http://www.securityfocus.com/bid/101611
https://security.gentoo.org/glsa/201801-01
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=c361faae8d964db951b7100cada4dcdc983df1bf
https://sourceware.org/bugzilla/show_bug.cgi?id=22200
https://blogs.gentoo.org/ago/2017/10/03/binutils-null-pointer-dereference-in-concat_filename-dwarf2-c/
http://www.securityfocus.com/bid/101611
https://security.gentoo.org/glsa/201801-01
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=c361faae8d964db951b7100cada4dcdc983df1bf
https://sourceware.org/bugzilla/show_bug.cgi?id=22200
https://blogs.gentoo.org/ago/2017/10/03/binutils-null-pointer-dereference-in-concat_filename-dwarf2-c/