An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as demonstrated by nm.

Reference: https://sourceware.org/bugzilla/show_bug.cgi?id=25070

Upstream commit: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=336bfbeb1848f4b9558456fdcf283ee8a32d7fd1
Created binutils tracking bugs for this issue:
Affects: fedora-all [bug 1771669]

Created mingw-binutils tracking bugs for this issue:
Affects: epel-6 [bug 1771673]
Affects: epel-7 [bug 1771672]
Affects: fedora-all [bug 1771670]
There's an issue in libbfd from the binutils package while processing BFD data. When reading BFD sections from an ELF binary to extract debug information, _bfd_dwarf2_slurp_debug_info() doesn't properly validate a section's size, leading to an integer overflow. An attacker can leverage that by crafting an ELF file which may trigger the bug, further causing heap data corruption and DoS.
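The class of bug described above, as an added example that is not libbfd code and not the upstream patch: a simplified model of adding untrusted section sizes into a running total, unchecked and then checked. The struct, function names, sample sizes and the assumption that the overflow arises in a running sum are all hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for a section header; not libbfd's asection. */
struct sec { const char *name; uint64_t size; };

/* Constructed sample: two section sizes whose sum wraps past 2^64. */
static const struct sec crafted[] = {
    { ".debug_info", 0x100 }, { ".debug_info", UINT64_MAX - 0x7f } };
/* Constructed sample: sizes plausible for a 4096-byte file. */
static const struct sec benign[] = {
    { ".debug_info", 0x100 }, { ".debug_info", 0x200 } };

/* Unchecked: the total wraps, so a buffer sized from it is too small. */
static uint64_t total_unchecked(const struct sec *s, size_t n)
{
    uint64_t total = 0;
    for (size_t i = 0; i < n; i++)
        total += s[i].size;
    return total;
}

/* Checked: refuse a size larger than the file or a sum that would wrap. */
static bool total_checked(const struct sec *s, size_t n,
                          uint64_t file_size, uint64_t *out)
{
    uint64_t total = 0;
    for (size_t i = 0; i < n; i++) {
        if (s[i].size > file_size)
            return false;               /* section cannot fit in the file */
        if (s[i].size > UINT64_MAX - total)
            return false;               /* addition would overflow */
        total += s[i].size;
    }
    *out = total;
    return true;
}

int main(void)
{
    uint64_t t = 0;
    printf("unchecked=0x%llx crafted_ok=%d benign_ok=%d\n",
           (unsigned long long)total_unchecked(crafted, 2),
           total_checked(crafted, 2, 4096, &t), total_checked(benign, 2, 4096, &t));
    return 0;
}
```

With the crafted sizes the unchecked total wraps to a small value, while the checked version rejects the input whether or not the file-size bound is tight.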
This issue has been addressed in the following products:

Red Hat Enterprise Linux 8

Via RHSA-2020:1797 https://access.redhat.com/errata/RHSA-2020:1797
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-17451