An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in _bfd_add_merge_section in the merge_strings function in merge.c when attempting to merge sections with large alignments. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.

References:
https://sourceware.org/bugzilla/show_bug.cgi?id=23806

Upstream Patch:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=45a0eaf77022963d639d6d19871dbab7b79703fc
Created binutils tracking bugs for this issue:

Affects: fedora-all [bug 1647417]

Created mingw-binutils tracking bugs for this issue:

Affects: epel-all [bug 1647416]
This bug can only be triggered by using specially crafted, corrupt input files. As such it will not normally be encountered by users, and fixing it is a low priority. The upstream GNU Binutils sources have already been fixed, and this fix will be brought in with the next rebase to rawhide. Postponing an update to this BZ until then.
Ahh - please ignore comment #3, it was meant for BZ 1647417
Low impact, easy to reproduce.