The aout_32_swap_std_reloc_out function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils before 2.31, allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted file, as demonstrated by objcopy.

References:
http://git.hunter-ht.cn/zhanggen/objcopy_crash_input_1
https://sourceware.org/bugzilla/show_bug.cgi?id=23405
Created binutils tracking bugs for this issue: Affects: fedora-all [bug 1686782]
This appears to be a duplicate of bug 1553115 (CVE-2018-7642) according to upstream. Also, this can be seen by looking at the stack traces, which are the same:

```
Program received signal SIGSEGV, Segmentation fault.
0x084cf65c in aout_32_swap_std_reloc_out (natptr=0xf590528c, g=0xf4b03fe8, abfd=<optimized out>) at /work/binutils-gdb/bfd/aoutx.h:1971
1971 asection *output_section = sym->section->output_section;
(gdb) bt
#0 0x084cf65c in aout_32_swap_std_reloc_out (natptr=0xf590528c, g=0xf4b03fe8, abfd=<optimized out>) at /work/binutils-gdb/bfd/aoutx.h:1971
#1 aout_32_squirt_out_relocs (abfd=0xf5b03970, section=0xf5903d48) at /work/binutils-gdb/bfd/aoutx.h:2444
#2 0x0849ae05 in i386linux_write_object_contents (abfd=0xf5b03970) at /work/binutils-gdb/bfd/i386linux.c:77
#3 0x081a9940 in bfd_close (abfd=0xf5b03970) at /work/binutils-gdb/bfd/opncls.c:731
#4 0x08080bbe in copy_file (input_filename=input_filename@entry=0xffffd8ef "out/slave/crashes/id:000125,sig:06,src:003346+002348,op:splice,rep:8", output_filename=output_filename@entry=0xf6500b80 "out/slave/crashes/stv31c0r", input_target=<optimized out>, output_target=0x87f6320 "a.out-i386-linux", input_arch=0x0) at /work/binutils-gdb/binutils/objcopy.c:3530
#5 0x0805b429 in copy_main (argv=<optimized out>, argc=<optimized out>) at /work/binutils-gdb/binutils/objcopy.c:5478
#6 main (argc=2, argv=0xffffd7c4) at /work/binutils-gdb/binutils/objcopy.c:5582
```
*** This bug has been marked as a duplicate of bug 1553115 ***
Request to mark this CVE as duplicate of CVE-2018-7642 has been submitted to Mitre.
Statement: This flaw was found to be a duplicate of CVE-2018-7642. Please see https://access.redhat.com/security/cve/CVE-2018-7642 for information about affected products and security errata.