Bug 1658949 (CVE-2018-19932)

Summary: CVE-2018-19932 binutils: Integer overflow due to the IS_CONTAINED_BY_LMA macro resulting in a denial of service
Product: [Other] Security Response
Reporter: Andrej Nemec <anemec>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: low
Priority: low
Version: unspecified
CC: abhgupta, dbaker, fweimer, jokerman, kanderso, mcermak, mnewsome, mpolacek, nickc, ohudlick, sthangav, trankin, virt-maint
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Doc Type: If docs needed, set a value
Doc Text:
An integer overflow was found in the IS_CONTAINED_BY_LMA macro in elf.c in libbfd, as shipped in GNU Binutils. An attacker could exploit this flaw by persuading a victim to open a specially crafted file, causing the application to enter an infinite loop and resulting in a denial of service.
Last Closed: 2021-10-27 03:22:12 UTC
Type: ---
Bug Depends On: 1659618, 1659619, 1659620, 1659621, 1659622    
Bug Blocks: 1658951    

Description Andrej Nemec 2018-12-13 08:54:43 UTC
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA macro in elf.c.

Upstream issue:

https://sourceware.org/bugzilla/show_bug.cgi?id=23932

Upstream patch:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=beab453223769279cc1cef68a1622ab8978641f7
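
The bug class named in the description, as an added example (not binutils code and not the upstream patch): a simplified "is this section inside this segment" address check where unsigned wraparound in `lma + size` lets an oversized section pass, next to a wrap-safe form. The struct names, function names and sample values are hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified stand-ins for a section and a segment;
   these are not the libbfd structures. */
struct sec { uint64_t lma, size; };
struct seg { uint64_t base, size; };

/* Naive check: lma + size is computed modulo 2^64, so a huge size
   wraps the end address back below the segment end. */
static bool contained_naive(const struct sec *s, const struct seg *g)
{
    return s->lma >= g->base
        && s->lma + s->size <= g->base + g->size;
}

/* Wrap-safe check: compare the size against the room that is left,
   never forming an end address that can overflow. */
static bool contained_safe(const struct sec *s, const struct seg *g)
{
    if (s->lma < g->base)
        return false;
    uint64_t off = s->lma - g->base;   /* cannot underflow: lma >= base */
    if (off > g->size)
        return false;
    return s->size <= g->size - off;   /* cannot underflow: off <= size */
}

/* Constructed sample values, not taken from any real file. */
static const struct seg SEG      = { 0x400000, 0x1000 };
static const struct sec SEC_OK   = { 0x400100, 0x200 };
static const struct sec SEC_WRAP = { 0x400100, UINT64_MAX - 0xff };

int main(void)
{
    printf("in-range section: naive=%d safe=%d\n",
           contained_naive(&SEC_OK, &SEG), contained_safe(&SEC_OK, &SEG));
    printf("wrapping section: naive=%d safe=%d\n",
           contained_naive(&SEC_WRAP, &SEG), contained_safe(&SEC_WRAP, &SEG));
    return 0;
}
```

With the constructed wrapping section, `0x400100 + 0xFFFFFFFFFFFFFF00` wraps to `0x400000`, so the naive check accepts it while the wrap-safe check rejects it.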

Comment 1 Scott Gayou 2018-12-14 19:48:35 UTC
Reproduces quite easily -- infinite loop printing an assertion in all versions of RHEL packages post rhel-5. binutils 220 in rhel-5 does not appear to package strip, hence is not affected.

```
mingw-strip: BFD (GNU Binutils) 2.30 assertion fail ../../bfd/elf.c:7089
mingw-strip: BFD (GNU Binutils) 2.30 assertion fail ../../bfd/elf.c:7089
mingw-strip: BFD (GNU Binutils) 2.30 assertion fail ../../bfd/elf.c:7089
mingw-strip: BFD (GNU Binutils) 2.30 assertion fail ../../bfd/elf.c:7089
mingw-strip: BFD (GNU Binutils) 2.30 assertion fail ../../bfd/elf.c:7089
```