Bug 1551778 – CVE-2018-7569 binutils: integer underflow or overflow via an ELF file with a corrupt DWARF FORM block in libbfd library

Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.

Bug 1551778 - (CVE-2018-7569) CVE-2018-7569 binutils: integer underflow or overflow via an ELF file with a corrupt DWARF FORM block in libbfd library

Summary:	CVE-2018-7569 binutils: integer underflow or overflow via an ELF file with a ...

Status:	NEW

Aliases:	CVE-2018-7569

Product:	Security Response
Classification:	Other
Component:	vulnerability (Show other bugs)
Sub Component:
Version:	unspecified
Hardware:	All Linux

Priority	low Severity low
Target Milestone:	---
Target Release:	---
Assigned To:	Red Hat Product Security
QA Contact:
Docs Contact:

URL:
Whiteboard:	impact=low,public=20180226,reported=2...
Keywords:	Security

Depends On:	1551779 1551781 1551780 1569889 1569890 1569891 1572222
Blocks:	1551789
	Show dependency tree / graph

Reported:	2018-03-05 18:20 EST by Laura Pardo
Modified:	2018-10-30 03:23 EDT (History)
CC List:	16 users (show)

See Also:
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	An integer wraparound has been discovered in the Binary File Descriptor (BFD) library distributed in GNU Binutils up to version 2.30. An attacker could cause a crash by providing an ELF file with corrupted DWARF debug information.
Story Points:	---
Clone Of:
Environment:
Last Closed:
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2018:3032	None	None	None	2018-10-30 03:23 EDT

Groups: None (edit)

Description Laura Pardo 2018-03-05 18:20:30 EST

A flaw was found in the read_attribute_value function in dwarf2.c file in the
Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU
Binutils up to version 2.30, when compiled in 32bit mode. This allows remote
attackers to cause a denial of service (integer wraparound and application
crash) via an ELF file with a corrupt DWARF FORM block.


References:
https://sourceware.org/bugzilla/show_bug.cgi?id=22895

Patch:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=12c963421d045a127c413a0722062b9932c50aa9

Comment 1 Laura Pardo 2018-03-05 18:21:14 EST

Created binutils tracking bugs for this issue:

Affects: fedora-all [bug 1551779]


Created mingw-binutils tracking bugs for this issue:

Affects: epel-all [bug 1551780]

Comment 6 errata-xmlrpc 2018-10-30 03:23:42 EDT

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2018:3032 https://access.redhat.com/errata/RHSA-2018:3032

Note You need to log in before you can comment on or make changes to this bug.