Bug 1664703 (CVE-2018-20651) - CVE-2018-20651 binutils: NULL pointer dereference in elf_link_add_object_symbols function resulting in a denial of service
Summary: CVE-2018-20651 binutils: NULL pointer dereference in elf_link_add_object_symb...
Alias: CVE-2018-20651
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On: 1664713 1664714 1664715 1668416 1668417 1668418 1668419
Blocks: 1664716
Reported: 2019-01-09 13:39 UTC by Andrej Nemec
Modified: 2021-10-27 03:21 UTC

Last Closed: 2021-10-27 03:21:14 UTC

Description Andrej Nemec 2019-01-09 13:39:23 UTC
A NULL pointer dereference was found in the elf_link_add_object_symbols function of binutils. A crafted file could cause the application to crash.

Upstream issue:


Upstream patch:


Comment 1 Andrej Nemec 2019-01-09 13:48:10 UTC
Created binutils tracking bugs for this issue:

Affects: fedora-all [bug 1664713]

Created mingw-binutils tracking bugs for this issue:

Affects: epel-all [bug 1664715]
Affects: fedora-all [bug 1664714]

Comment 2 Riccardo Schirone 2019-01-22 16:57:27 UTC
> A NULL pointer dereference was found in elf_link_add_object_symbols function of binutils

Function elf_link_add_object_symbols() in binutils does not properly check ELF files with no program headers, resulting in an invalid memory dereference. The issue can only be used to make the application crash, as the wrong address falls in the part occupied by the kernel and inaccessible by user applications.
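
Added example (not part of the comment above and not binutils code): a header-only triage check that reports ELF files whose e_phnum is zero, the condition Comment 2 describes, so such inputs can be reviewed before being passed to an unpatched linker. The names elf_phdr_summary and make_header are hypothetical, the sample headers are constructed, and excluding ET_REL objects is an assumption of this example.

```python
import struct
import sys

ET_NAMES = {0: "ET_NONE", 1: "ET_REL", 2: "ET_EXEC", 3: "ET_DYN", 4: "ET_CORE"}
# Header fields after e_ident, up to and including e_phnum (ELF32 / ELF64).
HDR_FMT = {1: "HHIIIIIHHH", 2: "HHIQQQIHHH"}


def elf_phdr_summary(data: bytes) -> dict:
    """Read only the ELF file header and report its program-header count."""
    if len(data) < 16 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    ei_class, ei_data = data[4], data[5]
    if ei_class not in HDR_FMT or ei_data not in (1, 2):
        raise ValueError("invalid EI_CLASS or EI_DATA")
    fmt = ("<" if ei_data == 1 else ">") + HDR_FMT[ei_class]
    if len(data) < 16 + struct.calcsize(fmt):
        raise ValueError("truncated ELF header")
    fields = struct.unpack_from(fmt, data, 16)
    e_type, e_phnum = fields[0], fields[9]
    no_phdrs = e_phnum == 0
    return {
        "type": ET_NAMES.get(e_type, hex(e_type)),
        "phnum": e_phnum,
        "no_program_headers": no_phdrs,
        # Assumption of this example: relocatable objects (ET_REL) normally
        # have no program headers, so only other file types are flagged.
        "needs_review": no_phdrs and e_type != 1,
    }


def make_header(e_type, e_phnum, ei_class=2, ei_data=1) -> bytes:
    """Constructed sample input: a bare ELF file header and nothing else."""
    ident = b"\x7fELF" + bytes([ei_class, ei_data, 1]) + bytes(9)
    fmt = ("<" if ei_data == 1 else ">") + HDR_FMT[ei_class] + "HHH"
    ehsize = 16 + struct.calcsize(fmt)
    phoff = ehsize if e_phnum else 0
    phentsize = (32 if ei_class == 1 else 56) if e_phnum else 0
    return ident + struct.pack(fmt, e_type, 0, 1, 0, phoff, 0, 0,
                               ehsize, phentsize, e_phnum, 0, 0, 0)


if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            try:
                print(path, elf_phdr_summary(fh.read(64)))
            except ValueError as exc:
                print(path, "skipped:", exc)
```

A needs_review result is a triage signal only; it does not show that a given binutils build is affected.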

Comment 3 Riccardo Schirone 2019-01-22 17:02:06 UTC
The flaw was introduced in:

As such, it does not affect RHEL 5, 6 and 7.

Comment 6 Riccardo Schirone 2019-01-23 08:48:00 UTC

This issue did not affect the versions of binutils as shipped with Red Hat Enterprise Linux 5, 6, and 7 as they did not include the vulnerable code, which was introduced in a newer version of the package.
