CVE-2017-15939

Published: 10/27/2017 Last updated: 8/5/2024 Reserved: 10/27/2017

dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles NULL files in a .debug_line file table, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename. NOTE: this issue is caused by an incomplete fix for CVE-2017-15023.

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Opam packages affected (3)

bap-std clangml conf-binutils

Products affected (1)

Product	Vendor	Version
n/a	n/a	< 10.0.20348.1850

References (10)

https://security.gentoo.org/glsa/201801-01
https://sourceware.org/bugzilla/show_bug.cgi?id=22205
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=a54018b72d75abf2e74bf36016702da06399c1d9
http://www.securityfocus.com/bid/101613
https://blogs.gentoo.org/ago/2017/10/24/binutils-null-pointer-dereference-in-concat_filename-dwarf2-c-incomplete-fix-for-cve-2017-15023/
https://security.gentoo.org/glsa/201801-01
https://sourceware.org/bugzilla/show_bug.cgi?id=22205
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=a54018b72d75abf2e74bf36016702da06399c1d9
http://www.securityfocus.com/bid/101613
https://blogs.gentoo.org/ago/2017/10/24/binutils-null-pointer-dereference-in-concat_filename-dwarf2-c-incomplete-fix-for-cve-2017-15023/