Bug 1664703 (CVE-2018-20651)

Summary: CVE-2018-20651 binutils: NULL pointer dereference in elf_link_add_object_symbols function resulting in a denial of service
Product: [Other] Security Response
Reporter: Andrej Nemec <anemec>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: low
Priority: low
Version: unspecified
CC: abhgupta, dbaker, fweimer, jokerman, kanderso, mcermak, mnewsome, mpolacek, nickc, ohudlick, sthangav, trankin, virt-maint
Keywords: Security
Hardware: All
OS: Linux
Doc Text:
A vulnerability was found in GNU Binutils, where a NULL pointer dereference in the elf_link_add_object_symbols function in elflink.c within libbfd can lead to a denial of service. An attacker could exploit this vulnerability to crash the application.
Last Closed: 2021-10-27 03:21:14 UTC
Bug Depends On: 1664713, 1664714, 1664715, 1668416, 1668417, 1668418, 1668419    
Bug Blocks: 1664716    

Description Andrej Nemec 2019-01-09 13:39:23 UTC
A NULL pointer dereference was found in the elf_link_add_object_symbols function of binutils. A crafted file could cause the application to crash.

Upstream issue:

https://sourceware.org/bugzilla/show_bug.cgi?id=24041

Upstream patch:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=54025d5812ff100f5f0654eb7e1ffd50f2e37f5f

Comment 1 Andrej Nemec 2019-01-09 13:48:10 UTC
Created binutils tracking bugs for this issue:

Affects: fedora-all [bug 1664713]


Created mingw-binutils tracking bugs for this issue:

Affects: epel-all [bug 1664715]
Affects: fedora-all [bug 1664714]

Comment 2 Riccardo Schirone 2019-01-22 16:57:27 UTC
> A NULL pointer dereference was found in elf_link_add_object_symbols function of binutils

The function elf_link_add_object_symbols() in binutils does not properly check ELF files with no program headers, resulting in an invalid memory dereference. The issue can only be used to make the application crash, as the wrong address falls in the part occupied by the kernel and is inaccessible to user applications.
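
A pre-screening check for the condition described in Comment 2, as an added example that is not part of the original bug report or of binutils: it parses the ELF header and flags non-relocatable files that declare no program headers before they are handed to the linker. The function names, the result labels and the choice to treat only ET_REL as legitimately lacking program headers are assumptions of this example; the headers produced by `sample` are constructed.

```python
import struct

ET_NAMES = {0: "ET_NONE", 1: "ET_REL", 2: "ET_EXEC", 3: "ET_DYN", 4: "ET_CORE"}

class ElfHeaderError(ValueError):
    """Raised when the bytes are not a parseable ELF header."""

def read_elf_header(data: bytes) -> dict:
    """Parse e_type, e_phoff, e_phentsize and e_phnum (ELF32/ELF64, LE/BE)."""
    if len(data) < 16 or data[:4] != b"\x7fELF":
        raise ElfHeaderError("not an ELF file")
    ei_class, ei_data = data[4], data[5]
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        raise ElfHeaderError("bad EI_CLASS or EI_DATA")
    endian = "<" if ei_data == 1 else ">"
    # e_type, e_machine, e_version, e_entry, e_phoff, e_shoff, e_flags,
    # e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx
    fmt = endian + ("HHIIIIIHHHHHH" if ei_class == 1 else "HHIQQQIHHHHHH")
    if len(data) < 16 + struct.calcsize(fmt):
        raise ElfHeaderError("truncated ELF header")
    f = struct.unpack_from(fmt, data, 16)
    return {"type": ET_NAMES.get(f[0], hex(f[0])), "phoff": f[4],
            "phentsize": f[8], "phnum": f[9], "size": len(data)}

def triage(data: bytes) -> str:
    """Return 'ok', 'no-phdrs' or 'bad-phdrs' for a file's bytes."""
    h = read_elf_header(data)
    if h["phnum"] == 0 or h["phoff"] == 0:
        # Relocatable objects (ET_REL) normally carry no program headers.
        return "ok" if h["type"] == "ET_REL" else "no-phdrs"
    if h["phoff"] + h["phnum"] * h["phentsize"] > h["size"]:
        return "bad-phdrs"  # declared table runs past the end of the file
    return "ok"

def sample(e_type: int, phoff: int, phnum: int) -> bytes:
    """Constructed little-endian ELF64 header (no real binary involved)."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    return ident + struct.pack("<HHIQQQIHHHHHH", e_type, 62, 1, 0, phoff,
                               0, 0, 64, 56, phnum, 64, 0, 0)

if __name__ == "__main__":
    print(triage(sample(3, 0, 0)))                # shared object, no phdrs
    print(triage(sample(1, 0, 0)))                # relocatable object
    print(triage(sample(3, 64, 2)))               # table beyond end of file
    print(triage(sample(3, 64, 1) + bytes(56)))   # one phdr that fits
```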

Comment 3 Riccardo Schirone 2019-01-22 17:02:06 UTC
The flaw was introduced in:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=9acc85a62eb76c270724bba15c889d2d05567b6a

As such, it does not affect RHEL 5, 6 and 7.

Comment 6 Riccardo Schirone 2019-01-23 08:48:00 UTC
Statement:

This issue did not affect the versions of binutils as shipped with Red Hat Enterprise Linux 5, 6, and 7 as they did not include the vulnerable code, which was introduced in a newer version of the package.