Bug 2167504

Summary: binutils: NULL pointer segmentation fault when accessing field `the_bfd` in function `compare_symbols`
Product: [Other] Security Response
Reporter: Pedro Sampaio <psampaio>
Component: vulnerability
Assignee: Nobody <nobody>
Status: NEW ---
QA Contact:
Severity: medium
Docs Contact:
Priority: medium
Version: unspecified
CC: ailan, bdettelb, caswilli, dffrench, dkuc, fjansen, fweimer, gdb-bugs, gzaronik, hkataria, jburrell, jkoehler, jmitchel, jtanner, jwon, kaycoth, keiths, kshier, mcermak, micjohns, mpolacek, mprchlik, ngough, nickc, ntait, ohudlick, rgodfrey, rjones, sipoyare, sthirugn, virt-maint
Target Milestone: ---
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in binutils, where there is a NULL pointer segmentation fault when accessing the field `the_bfd` in the `compare_symbols` function. This flaw may cause a crash to the objdump binary when reading a crafted file, impacting availability.
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 2174098, 2174099, 2174101, 2174102, 2174103, 2174104, 2174105, 2174106, 2174107, 2174108, 2174109, 2174110, 2174111, 2174112, 2174185, 2174186, 2174187, 2174188, 2174189, 2174190, 2174191, 2174192, 2174204, 2174205, 2174206, 2174209, 2174210, 2174211, 2174212, 2174213, 2174214, 2174215, 2174216
Bug Blocks: 2160830

Description Pedro Sampaio 2023-02-06 20:10:18 UTC
In Binutils, there is a NULL pointer segmentation fault when accessing field `the_bfd` in function `compare_symbols`.

Upstream bug:

https://sourceware.org/bugzilla/show_bug.cgi?id=29846

Upstream fix:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=3d3af4ba39e892b1c544d667ca241846bc3df386

Comment 1 Pedro Sampaio 2023-02-28 17:31:38 UTC
Created binutils tracking bugs for this issue:

Affects: fedora-36 [bug 2174106]
Affects: fedora-37 [bug 2174108]
Affects: fedora-all [bug 2174098]


Created gdb tracking bugs for this issue:

Affects: fedora-36 [bug 2174107]


Created insight tracking bugs for this issue:

Affects: fedora-36 [bug 2174103]
Affects: fedora-37 [bug 2174109]


Created mingw-binutils tracking bugs for this issue:

Affects: fedora-36 [bug 2174099]
Affects: fedora-37 [bug 2174111]


Created radare2 tracking bugs for this issue:

Affects: epel-7 [bug 2174112]
Affects: epel-8 [bug 2174105]
Affects: fedora-36 [bug 2174101]
Affects: fedora-37 [bug 2174104]


Created rizin tracking bugs for this issue:

Affects: epel-8 [bug 2174110]
Affects: fedora-36 [bug 2174102]

Comment 9 Siddhesh Poyarekar 2023-03-01 17:31:42 UTC
It's a crash in the objdump standalone binary; it is a bug, but AFAICT there's no security implication to this bug.

Comment 10 Siddhesh Poyarekar 2023-03-01 17:33:42 UTC
Also please note that none of these CVEs (CVE-2023-25584, CVE-2023-25585, CVE-2023-25587 or CVE-2023-25588) affect gdb in RHEL or Fedora. gdb does not have or build the affected code.