A NULL pointer dereference was found in elf_link_add_object_symbols function of binutils. A crafted filed could cause the application to crash. Upstream issue: https://sourceware.org/bugzilla/show_bug.cgi?id=24041 Upstream patch: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=54025d5812ff100f5f0654eb7e1ffd50f2e37f5f
Created binutils tracking bugs for this issue: Affects: fedora-all [bug 1664713] Created mingw-binutils tracking bugs for this issue: Affects: epel-all [bug 1664715] Affects: fedora-all [bug 1664714]
> A NULL pointer dereference was found in elf_link_add_object_symbols function of binutils Function elf_link_add_object_symbols() in binutils does not properly check ELF files with no program headers, resulting in an invalid memory dereference. The issue can only be used to make the application crash, as the wrong address fall in the part occupied by the kernel and inaccessible by user application.
The flaws was introduced in: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=9acc85a62eb76c270724bba15c889d2d05567b6a As such, it does not affect RHEL 5, 6 and 7.
Statement: This issue did not affect the versions of binutils as shipped with Red Hat Enterprise Linux 5, 6, and 7 as they did not include the vulnerable code, which was introduced in a newer version of the package.