2233969 – (CVE-2022-35205) CVE-2022-35205 binutils: reachable assertion in display_debug_names() in dwarf.c

Bug 2233969 (CVE-2022-35205) - CVE-2022-35205 binutils: reachable assertion in display_debug_names() in dwarf.c

Summary: CVE-2022-35205 binutils: reachable assertion in display_debug_names() in dwarf.c

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2022-35205
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2233971 2233972 2233973 2234135 2234136 2234137 2234138 2234139 2234140 2234141 2234142 2234143 2234144 2234145 2234146 2234147 2234148 2234149
Blocks:	2233947
TreeView+	depends on / blocked

Reported:	2023-08-23 20:06 UTC by Guilherme de Almeida Suckevicz
Modified:	2024-02-16 08:54 UTC (History)
CC List:	30 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2023-11-09 09:16:10 UTC
Embargoed:

Attachments	(Terms of Use)

Description Guilherme de Almeida Suckevicz 2023-08-23 20:06:19 UTC

An issue was discovered in Binutils readelf 2.38.50, reachable assertion failure in function display_debug_names allows attackers to cause a denial of service.

Reference:
https://sourceware.org/bugzilla/show_bug.cgi?id=29289

Comment 1 Guilherme de Almeida Suckevicz 2023-08-23 20:08:35 UTC

Created binutils tracking bugs for this issue:

Affects: fedora-all [bug 2233971]


Created gdb tracking bugs for this issue:

Affects: fedora-all [bug 2233972]


Created mingw-binutils tracking bugs for this issue:

Affects: fedora-all [bug 2233973]

Comment 4 Nick Clifton 2023-08-24 12:03:23 UTC

(In reply to Guilherme de Almeida Suckevicz from comment #0)
> An issue was discovered in Binutils readelf 2.38.50, reachable assertion
> failure in function display_debug_names allows attackers to cause a denial
> of service.
 
The SECURITY.txt file found in the upstream GNU Binutils sources makes it clear that bug in inspection tools like readelf are not considered to be security issues, and hence do not qualify for CVE treatment.

Note You need to log in before you can comment on or make changes to this bug.

acrosby
ailan
apmukher
bdettelb
caswilli
desktop-qa-list
fjansen
fweimer
gdb-bugs
hkataria
jburrell
jmitchel
jsamir
jsherril
jtanner
kaycoth
keiths
kshier
mcermak
mpolacek
mprchlik
nickc
ohudlick
psegedy
rjones
sipoyare
sthirugn
tsasak
virt-maint
vkrizan