GNU Binutils before 2.34 has a NULL pointer dereference in bfd_pef_scan_start_address function in bfd/pef.c due to not checking return value of bfd_malloc. This bug allows attackers to cause a denial of service.
Created mingw-binutils tracking bugs for this issue:
Affects: fedora-all [bug 1911445]
binutils as shipped with Red Hat Enterprise Linux 8's GCC Toolset 10 and Red Hat Developer Toolset 10 are not affected by this flaw because the versions shipped have already received the patch.
Flaw technical summary:
In the `bfd_pef_scan_start_address()` function in bfd/pef.c, `bfd_malloc()` is called and the return pointer is not checked for point to NULL before it is passed to `bfd_read()` which dereferences it. If an attacker is able to cause `bfd_malloc()` to fail/return NULL, they could cause a denial of service. The upstream patch adds a NULL check before calling `bfd_read()`.
Upstream commit: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7a0fb7be96e0ce79e1ae429bc1ba913e5244d537