Bug 1664703 (CVE-2018-20651) - CVE-2018-20651 binutils: NULL pointer dereference in elf_link_add_object_symbols function resulting in a denial of service
Keywords:
Status: NEW
Alias: CVE-2018-20651
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1664713 1664714 1664715 1668416 1668417 1668418 1668419
Blocks: 1664716
Reported: 2019-01-09 13:39 UTC by Andrej Nemec
Modified: 2019-09-29 15:04 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:


Description Andrej Nemec 2019-01-09 13:39:23 UTC
A NULL pointer dereference was found in elf_link_add_object_symbols function of binutils. A crafted file could cause the application to crash.

Upstream issue:

https://sourceware.org/bugzilla/show_bug.cgi?id=24041

Upstream patch:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=54025d5812ff100f5f0654eb7e1ffd50f2e37f5f

Comment 1 Andrej Nemec 2019-01-09 13:48:10 UTC
Created binutils tracking bugs for this issue:

Affects: fedora-all [bug 1664713]


Created mingw-binutils tracking bugs for this issue:

Affects: epel-all [bug 1664715]
Affects: fedora-all [bug 1664714]

Comment 2 Riccardo Schirone 2019-01-22 16:57:27 UTC
> A NULL pointer dereference was found in elf_link_add_object_symbols function of binutils

Function elf_link_add_object_symbols() in binutils does not properly check ELF files with no program headers, resulting in an invalid memory dereference. The issue can only be used to make the application crash, as the wrong address falls in the part occupied by the kernel and inaccessible to user applications.
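
Added example (not part of any comment in this bug and not binutils code): a pre-screening check that reads the ELF file header and reports inputs declaring no program headers, the condition comment 2 describes. The function names, result strings and the choice to flag only ET_DYN/ET_EXEC files are assumptions of the example; the sample images are constructed.

```python
import struct

ET_REL, ET_EXEC, ET_DYN = 1, 2, 3

def check_program_headers(data: bytes) -> str:
    """Classify an ELF image by what its file header says about program headers."""
    if len(data) < 16 or data[:4] != b"\x7fELF":
        return "not-elf"
    ei_class, ei_data = data[4], data[5]
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        return "malformed: bad EI_CLASS or EI_DATA"
    endian = "<" if ei_data == 1 else ">"
    # Fields after e_ident: e_type e_machine e_version e_entry e_phoff
    # e_shoff e_flags e_ehsize e_phentsize e_phnum (addresses are 4 or 8 bytes).
    fmt = endian + ("HHIIIIIHHH" if ei_class == 1 else "HHIQQQIHHH")
    if len(data) < 16 + struct.calcsize(fmt):
        return "malformed: truncated file header"
    fields = struct.unpack_from(fmt, data, 16)
    e_type, e_phoff, e_phentsize, e_phnum = fields[0], fields[4], fields[8], fields[9]
    if e_phnum == 0 or e_phoff == 0:
        # Relocatable objects normally carry no program headers; for a shared
        # object or executable their absence is the unusual case.
        # Assumption of this example: only ET_DYN/ET_EXEC are flagged.
        if e_type in (ET_DYN, ET_EXEC):
            return "suspicious: no program headers"
        return "ok: no program headers expected"
    if e_phoff + e_phnum * e_phentsize > len(data):
        return "malformed: program header table past end of file"
    return "ok"

def make_header(e_type, e_phoff, e_phnum, bits=64, little=True):
    """Build a constructed, header-only ELF image for the demo below."""
    ident = b"\x7fELF" + bytes([2 if bits == 64 else 1, 1 if little else 2, 1]) + bytes(9)
    fmt = ("<" if little else ">") + ("HHIQQQIHHHHHH" if bits == 64 else "HHIIIIIHHHHHH")
    ehsize, phentsize = (64, 56) if bits == 64 else (52, 32)
    return ident + struct.pack(fmt, e_type, 0, 1, 0, e_phoff, 0, 0,
                               ehsize, phentsize, e_phnum, 0, 0, 0)

if __name__ == "__main__":
    for label, image in [
        ("shared object, e_phnum=0", make_header(ET_DYN, 0, 0)),
        ("relocatable object", make_header(ET_REL, 0, 0)),
        ("shared object, one phdr", make_header(ET_DYN, 64, 1) + bytes(56)),
    ]:
        print(f"{label}: {check_program_headers(image)}")
```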

Comment 3 Riccardo Schirone 2019-01-22 17:02:06 UTC
The flaw was introduced in:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=9acc85a62eb76c270724bba15c889d2d05567b6a

As such, it does not affect RHEL 5, 6 and 7.

Comment 6 Riccardo Schirone 2019-01-23 08:48:00 UTC
Statement:

This issue did not affect the versions of binutils as shipped with Red Hat Enterprise Linux 5, 6, and 7 as they did not include the vulnerable code, which was introduced in a newer version of the package.
