GNU Binutils before 2.34 has a NULL pointer dereference in the bfd_pef_parse_function_stubs function in bfd/pef.c due to not checking the return value of bfd_malloc. This bug allows attackers to cause a denial of service.
Created mingw-binutils tracking bugs for this issue:
Affects: fedora-all [bug 1911694]
binutils as shipped with Red Hat Enterprise Linux 8's GCC Toolset 10 and Red Hat Developer Toolset 10 is not affected by this flaw because the versions shipped have already received the patch.
Flaw technical summary:
The `bfd_pef_parse_function_stubs()` function in bfd/pef.c allocates memory with `bfd_malloc()` and doesn't check for NULL before passing the returned pointer to `bfd_read()`, which dereferences it. An attacker who could submit a crafted input file that makes `bfd_malloc()` fail could cause a denial of service. The upstream patch addresses the issue by adding a NULL check before calling `bfd_read()`.
Upstream commit: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7a0fb7be96e0ce79e1ae429bc1ba913e5244d537
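The allocate-then-read pattern from the technical summary, as an added example that is not the binutils source or the upstream patch. `demo_malloc`, `demo_read`, `struct demo_file`, `parse_section_checked` and `run_case` are hypothetical stand-ins, and the 8-byte input is constructed; the point is that the allocation result is tested before the read writes through it.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for bfd_malloc()/bfd_read(); not the binutils API. */
static int fail_alloc;                       /* set to simulate allocation failure */
static void *demo_malloc(size_t n) { return fail_alloc ? NULL : malloc(n); }

struct demo_file { const unsigned char *data; size_t len, pos; };

/* Writes through buf, so a NULL buf is dereferenced here. */
static size_t demo_read(void *buf, size_t n, struct demo_file *f)
{
    size_t avail = f->len - f->pos;
    if (n > avail)
        n = avail;
    memcpy(buf, f->data + f->pos, n);
    f->pos += n;
    return n;
}

/* Checked pattern: returns 0 on success, -1 on allocation failure or short read. */
int parse_section_checked(struct demo_file *f, size_t section_len)
{
    unsigned char *buf = demo_malloc(section_len);
    if (buf == NULL)                         /* the unchecked pattern skips this test */
        return -1;
    if (demo_read(buf, section_len, f) != section_len) {
        free(buf);
        return -1;
    }
    /* ... parse buf here ... */
    free(buf);
    return 0;
}

/* Runs one case against a constructed 8-byte input. */
int run_case(int force_fail, size_t section_len)
{
    static const unsigned char sample[8] = {1, 2, 3, 4, 5, 6, 7, 8}; /* constructed */
    struct demo_file f = { sample, sizeof sample, 0 };
    fail_alloc = force_fail;
    return parse_section_checked(&f, section_len);
}

int main(void)
{
    printf("ok=%d short=%d nomem=%d\n", run_case(0, 8), run_case(0, 16), run_case(1, 8));
    return 0;
}
```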