Bug 2233975 (CVE-2022-35206) - CVE-2022-35206 binutils: NULL pointer dereference in read_and_display_attr_value() in dwarf.c
Summary: CVE-2022-35206 binutils: NULL pointer dereference in read_and_display_attr_va...
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2022-35206
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2233976 2233977 2233978 2234150 2234151 2234152 2234153 2234154 2234155 2234156 2234157 2234158 2234159 2234160 2234161 2234162 2234163 2234164
Blocks: 2233947
Reported: 2023-08-23 20:12 UTC by Guilherme de Almeida Suckevicz
Modified: 2024-02-16 08:55 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A null pointer dereference vulnerability was identified in Binutils' readelf, specifically in the function read_and_display_attr_value() in the file dwarf.c. Attackers could potentially exploit this vulnerability, leading to a null pointer dereference and causing a denial-of-service condition.
Clone Of:
Environment:
Last Closed: 2023-11-09 09:16:41 UTC
Embargoed:



Description Guilherme de Almeida Suckevicz 2023-08-23 20:12:32 UTC
Null pointer dereference vulnerability in Binutils readelf 2.38.50 via function read_and_display_attr_value in file dwarf.c.

Reference:
https://sourceware.org/bugzilla/show_bug.cgi?id=29290

Comment 1 Guilherme de Almeida Suckevicz 2023-08-23 20:14:07 UTC
Created binutils tracking bugs for this issue:

Affects: fedora-all [bug 2233976]


Created gdb tracking bugs for this issue:

Affects: fedora-all [bug 2233977]


Created mingw-binutils tracking bugs for this issue:

Affects: fedora-all [bug 2233978]

Comment 4 Nick Clifton 2023-08-24 12:07:35 UTC
(In reply to Guilherme de Almeida Suckevicz from comment #0)
> Null pointer dereference vulnerability in Binutils readelf 2.38.50 via
> function read_and_display_attr_value in file dwarf.c.

The SECURITY.txt file found in the upstream GNU Binutils sources makes it clear that bugs in inspection tools like readelf are not considered to be security issues, and hence do not qualify for CVE treatment.

