GNU Binutils is prone to a denial-of-service vulnerability.
Note: This issue is the result of an incomplete fix for the issue described in BID 101611 (GNU Binutils CVE-2017-15023 Remote Denial of Service Vulnerability).
An attacker can exploit this issue to cause a denial-of-service condition.
GNU Binutils 2.29 is vulnerable; other versions may also be affected.
Exploit
The researcher who discovered this issue has created a proof-of-concept. Please see the references for more information.
References:
- binutils Homepage (binutils)
- binutils: NULL pointer dereference in concat_filename (dwarf2.c) (INCOMPLETE FIX) (Agostino Sarubbo)
- PR22205, .debug_line file table NULL filename (sourceware.org)