Bug 1771668 (CVE-2019-17451) - CVE-2019-17451 binutils: integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c
Alias: CVE-2019-17451
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
Depends On: 1771670 1771669 1771672 1771673 1779244 1779245 1779253 1779254 1779255
Blocks: 1771671
Reported: 2019-11-12 18:48 UTC by Guilherme de Almeida Suckevicz
Modified: 2020-04-28 16:34 UTC

Last Closed: 2020-04-28 16:34:33 UTC

System                  ID              Priority  Status  Summary  Last Updated
Red Hat Product Errata  RHSA-2020:1797  None      None    None     2020-04-28 15:54:04 UTC

Description Guilherme de Almeida Suckevicz 2019-11-12 18:48:12 UTC
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as demonstrated by nm.


Upstream commit:

Comment 1 Guilherme de Almeida Suckevicz 2019-11-12 18:48:41 UTC
Created binutils tracking bugs for this issue:

Affects: fedora-all [bug 1771669]

Created mingw-binutils tracking bugs for this issue:

Affects: epel-6 [bug 1771673]
Affects: epel-7 [bug 1771672]
Affects: fedora-all [bug 1771670]

Comment 7 Marco Benatto 2019-12-03 19:45:00 UTC
There's an issue in libbfd from the binutils package while processing BFD data. When reading BFD sections from an ELF binary to extract debug information, _bfd_dwarf2_slurp_debug_info() doesn't properly validate the section's size, leading to an integer overflow. An attacker can leverage that by crafting an ELF file which may trigger the bug, further causing heap data corruption and DoS.
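
Added example, not part of the bug report and not binutils code: a C sketch of the failure class Comment 7 describes, assuming the overflow arises when section sizes are added together to compute one buffer length (the page does not show the code). The struct, function names and sample sizes are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for a section header: only the size matters here. */
struct section { const char *name; size_t size; };

/* Unchecked form: the sum silently wraps modulo SIZE_MAX + 1, so a caller
   would allocate a buffer far smaller than the data it then copies in. */
static size_t total_size_unchecked(const struct section *s, size_t n)
{
    size_t total = 0;
    for (size_t i = 0; i < n; i++)
        total += s[i].size;
    return total;
}

/* Checked form: reject the input as soon as one addition would wrap. */
static bool total_size_checked(const struct section *s, size_t n, size_t *out)
{
    size_t total = 0;
    for (size_t i = 0; i < n; i++) {
        if (s[i].size > SIZE_MAX - total)
            return false;            /* sum does not fit: refuse the file */
        total += s[i].size;
    }
    *out = total;
    return true;
}

/* Constructed samples: the first pair's true sum exceeds SIZE_MAX. */
static const struct section oversized[] = {
    { ".debug_info", SIZE_MAX - 10 }, { ".debug_info", 100 } };
static const struct section benign[] = {
    { ".debug_info", 4096 }, { ".debug_info", 512 } };

int main(void)
{
    size_t t = 0;
    printf("unchecked total: %zu\n", total_size_unchecked(oversized, 2));
    printf("checked accepts oversized: %d\n",
           total_size_checked(oversized, 2, &t));
    bool ok = total_size_checked(benign, 2, &t);
    printf("checked accepts benign: %d (total %zu)\n", ok, t);
    return 0;
}
```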

Comment 8 errata-xmlrpc 2020-04-28 15:54:01 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:1797 https://access.redhat.com/errata/RHSA-2020:1797

Comment 9 Product Security DevOps Team 2020-04-28 16:34:33 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

