Bug 1542275 (CVE-2018-6543) - CVE-2018-6543 binutils: integer overflow in load_specific_debug_section function in objdump.c
Summary: CVE-2018-6543 binutils: integer overflow in load_specific_debug_section func...
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2018-6543
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1542276
Blocks: 1542280
TreeView+ depends on / blocked
 
Reported: 2018-02-06 00:15 UTC by Laura Pardo
Modified: 2021-02-17 00:51 UTC (History)
10 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-02-21 10:22:41 UTC
Embargoed:

Attachments (Terms of Use)

Description Laura Pardo 2018-02-06 00:15:31 UTC 
A flaw was found in GNU Binutils 2.30, there's an integer overflow in the function load_specific_debug_section() in objdump.c, which results in `malloc()` with 0 size. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. 

References: 
https://sourceware.org/bugzilla/show_bug.cgi?id=22769

Patch:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f2023ce7e8d70b0155cc6206c901e185260918f0
Comment 1 Laura Pardo 2018-02-06 00:15:54 UTC 
Created binutils tracking bugs for this issue:

Affects: fedora-all [bug 1542276]
Comment 2 Stefan Cornelius 2018-02-20 17:42:18 UTC 
Introduced by https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commitdiff;h=4f1881b94473f1034f950feb863b464435a8fb5f
Comment 3 Stefan Cornelius 2018-02-21 10:16:30 UTC 
Statement:

This issue did not affect the versions of binutils as shipped with Red Hat Enterprise Linux 5, 6, and 7.
Note You need to log in before you can comment on or make changes to this bug.