allows remote attackers to cause a denial of service (stack buffer overflow) or possibly have unspecified other impacts via a crafted ELF

External Reference: https://sourceware.org/bugzilla/show_bug.cgi?id=26929

Created binutils tracking bugs for this issue:
Affects: fedora-all [bug 1943534]

Created mingw-binutils tracking bugs for this issue:
Affects: fedora-all [bug 1943535]
This bug is in the readelf binary (which is not a service) and not bfd (which a service could link to and hence be susceptible to a DoS) so this is just a crash, not a DoS. This should not be considered a security bug.
Acknowledgments: Name: Hao Wang
Mitigation: Stack canaries, non-executable stack (NX), and address space layout randomization (ASLR) are binary hardening protections enabled in Red Hat Enterprise Linux 7 and 8 that should greatly limit the impact of this flaw. An additional mitigation is to not use readelf to read files from untrusted sources. To learn more about binary hardening protections in Red Hat Enterprise Linux, please see https://access.redhat.com/articles/65299
In reply to comment #2:
> This bug is in the readelf binary (which is not a service) and not bfd
> (which a service could link to and hence be susceptible to a DoS) so this is
> just a crash, not a DoS. This should not be considered a security bug.

It's not a DoS for the reason you mentioned and it requires a potential victim to run readelf on an untrusted file (thus not "remote"), but it does have a stack buffer overflow out-of-bounds write of attacker-supplied data. Therefore, Red Hat Product Security has kept it as a security vulnerability and assigned a CVE.