GNU Binutils is prone to a denial-of-service vulnerability.
Note: This issue is the result of an incomplete fix for the issue described in BID 101611 (GNU Binutils CVE-2017-15023 Remote Denial of Service Vulnerability).
An attacker can exploit this issue to cause a denial-of-service condition.
GNU Binutils 2.29 is vulnerable; other versions may also be affected.
Information
Bugtraq ID: 101613
Class: Input Validation Error
CVE: CVE-2017-15939
Remote: Yes
Local: No
Published: Oct 24 2017 12:00AM
Updated: Nov 03 2017 12:05AM
Credit: Agostino Sarubbo of Gentoo.
Vulnerable: GNU Binutils 2.29
Not Vulnerable:
Exploit
The researcher who discovered this issue has created a proof-of-concept. Please see the references for more information.
References:
- binutils Homepage (binutils)
- binutils: NULL pointer dereference in concat_filename (dwarf2.c) (INCOMPLETE FIX) (Agostino Sarubbo)
- PR22205, .debug_line file table NULL filename (sourceware.org)