A double free vulnerability exists in the Binary File Descriptor (BFD) (aka libbrd) in GNU Binutils 2.34 in the process_symbol_table, as demonstrated in readelf, via a crafted file. External References: https://sourceware.org/bugzilla/show_bug.cgi?id=25821 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c98a4545dc7bf2bcaf1de539c4eb84784680eaa4
Created binutils tracking bugs for this issue: Affects: fedora-32 [bug 1906783] Created mingw-binutils tracking bugs for this issue: Affects: fedora-all [bug 1906784]
Flaw summary: This flaw is a simple typo where `chains` is free()'d but `bucket` is accidentally set to NULL instead of chains. Since chains is not set to NULL, this can result in a double-free. It doesn't exist in the code we ship in 2.30 or 2.35 and thus is not affected.
Statement: binutils as shipped in Red Hat Developer Toolsets 9 and 10, Red Hat Enterprise Linux 8 BaseOS and GCC Toolsets 9 and 10, are all not affected by this flaw as it was introduced in a newer version of binutils code than shipped for BaseOS and the 9 toolsets, but already patched in the versions shipped with 10 toolsets.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-16590