SB2017081036 - Multiple vulnerabilities in GNU Binutils
Published: August 10, 2017 Updated: February 10, 2022
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 28 secuirty vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2017-15996)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
elfcomm.c in readelf in GNU Binutils 2.29 allows remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified other impact via a crafted ELF file that triggers a "buffer overflow on fuzzed archive header," related to an uninitialized variable, an improper conditional jump, and the get_archive_member_name, process_archive_index_and_symbols, and setup_archive functions.
2) Buffer overflow (CVE-ID: CVE-2017-15938)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, miscalculates DW_FORM_ref_addr die refs in the case of a relocatable object file, which allows remote attackers to cause a denial of service (find_abstract_instance_name invalid memory read, segmentation fault, and application crash).
3) Input validation error (CVE-ID: CVE-2017-15939)
The vulnerability allows remote attackers to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename.
4) Input validation error (CVE-ID: CVE-2017-15225)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
_bfd_dwarf2_cleanup_debug_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory leak) via a crafted ELF file.
5) Out-of-bounds read (CVE-ID: CVE-2017-15020)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles pointers, which. A remote attacker can perform a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file, related to parse_die and parse_line_table, as demonstrated by a parse_die heap-based buffer over-read.
6) Out-of-bounds read (CVE-ID: CVE-2017-15021)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in bfd_get_debug_link_info_1 in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29,. A remote attacker can perform a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to bfd_getl32.
7) NULL pointer dereference (CVE-ID: CVE-2017-15022)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via a crafted ELF file, related to scan_unit_for_symbols and parse_comp_unit.
8) NULL pointer dereference (CVE-ID: CVE-2017-15023)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via a crafted ELF file, related to concat_filename.
9) Infinite loop (CVE-ID: CVE-2017-15024)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
find_abstract_instance_name in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.
10) Division by zero (CVE-ID: CVE-2017-15025)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to divide-by-zero error within decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29,. A remote attacker can perform a denial of service (divide-by-zero error and application crash) via a crafted ELF file.
11) NULL pointer dereference (CVE-ID: CVE-2017-14974)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c.
12) Memory leak (CVE-ID: CVE-2017-14930)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file. A remote attacker can perform a denial of service attack.
13) Infinite loop (CVE-ID: CVE-2017-14932)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file.
14) Infinite loop (CVE-ID: CVE-2017-14933)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file.
15) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2017-14938)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
_bfd_elf_slurp_version_tables in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file.
16) NULL pointer dereference (CVE-ID: CVE-2017-14940)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via a crafted ELF file.
17) Integer overflow (CVE-ID: CVE-2017-14745)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, interpret a -1 value as a sorting count instead of an error flag, which allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c.
18) Heap-based buffer overflow (CVE-ID: CVE-2017-14729)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, do not ensure a unique PLT entry for a symbol, which. A remote attacker can use a crafted ELF file to trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
19) Out-of-bounds read (CVE-ID: CVE-2017-14529)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in The pe_print_idata function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles HintName vector entries, which. A remote attacker can perform a denial of service (heap-based buffer over-read and application crash) via a crafted PE file, related to the bfd_getl16 function.
20) Integer overflow (CVE-ID: CVE-2017-14333)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists in readelf.c within the process_version_sections function. A remote attacker can trigger integer overflow due to of a time-consuming loop) or possibly have unspecified other impact via a crafted binary file with invalid values of ent.vn_next, during "readelf -a" execution.
21) Out-of-bounds read (CVE-ID: CVE-2017-14128)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in The decode_line_info function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29,. A remote attacker can perform a denial of service (read_1_byte heap-based buffer over-read and application crash) via a crafted ELF file.
22) Out-of-bounds read (CVE-ID: CVE-2017-14129)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in The read_section function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29,. A remote attacker can perform a denial of service (parse_comp_unit heap-based buffer over-read and application crash) via a crafted ELF file.
23) Out-of-bounds read (CVE-ID: CVE-2017-14130)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in The _bfd_elf_parse_attributes function in elf-attrs.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29,. A remote attacker can perform a denial of service (_bfd_elf_attr_strdup heap-based buffer over-read and application crash) via a crafted ELF file.
24) Out-of-bounds read (CVE-ID: CVE-2017-13757)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the PLT section size, which. A remote attacker can perform a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to elf_i386_get_synthetic_symtab in elf32-i386.c and elf_x86_64_get_synthetic_symtab in elf64-x86-64.c.
25) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2017-13716)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).
26) NULL pointer dereference (CVE-ID: CVE-2017-13710)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via a group section that is too small.
27) Stack-based buffer overflow (CVE-ID: CVE-2017-12967)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the getsym function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed when processing a malformed tekhex binary. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
28) Buffer overflow (CVE-ID: CVE-2017-12799)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The elf_read_notesfunction in bfd/elf.c in GNU Binutils 2.29 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file.
Remediation
Install update from vendor's website.
References
- http://www.securityfocus.com/bid/101608
- https://security.gentoo.org/glsa/201801-01
- https://sourceware.org/bugzilla/show_bug.cgi?id=22361
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d91f0b20e561e326ee91a09a76206257bde8438b
- http://www.securityfocus.com/bid/101610
- https://blogs.gentoo.org/ago/2017/10/24/binutils-invalid-memory-read-in-find_abstract_instance_name-dwarf2-c/
- https://sourceware.org/bugzilla/show_bug.cgi?id=22209
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1b86808a86077722ee4f42ff97f836b12420bb2a
- http://www.securityfocus.com/bid/101613
- https://blogs.gentoo.org/ago/2017/10/24/binutils-null-pointer-dereference-in-concat_filename-dwarf2-c-incomplete-fix-for-cve-2017-15023/
- https://sourceware.org/bugzilla/show_bug.cgi?id=22205
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=a54018b72d75abf2e74bf36016702da06399c1d9
- https://sourceware.org/bugzilla/show_bug.cgi?id=22212
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b55ec8b676ed05d93ee49d6c79ae0403616c4fb0
- https://blogs.gentoo.org/ago/2017/10/03/binutils-heap-based-buffer-overflow-in-parse_die-dwarf1-c/
- https://sourceware.org/bugzilla/show_bug.cgi?id=22202
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1da5c9a485f3dcac4c45e96ef4b7dae5948314b5
- https://blogs.gentoo.org/ago/2017/10/03/binutils-heap-based-buffer-overflow-in-bfd_getl32-opncls-c/
- https://sourceware.org/bugzilla/show_bug.cgi?id=22197
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=52b36c51e5bf6d7600fdc6ba115b170b0e78e31d
- https://blogs.gentoo.org/ago/2017/10/03/binutils-null-pointer-dereference-in-bfd_hash_hash-hash-c/
- https://sourceware.org/bugzilla/show_bug.cgi?id=22201
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=11855d8a1f11b102a702ab76e95b22082cccf2f8
- http://www.securityfocus.com/bid/101611
- https://blogs.gentoo.org/ago/2017/10/03/binutils-null-pointer-dereference-in-concat_filename-dwarf2-c/
- https://sourceware.org/bugzilla/show_bug.cgi?id=22200
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c361faae8d964db951b7100cada4dcdc983df1bf
- https://blogs.gentoo.org/ago/2017/10/03/binutils-infinite-loop-in-find_abstract_instance_name-dwarf2-c/
- https://sourceware.org/bugzilla/show_bug.cgi?id=22187
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=52a93b95ec0771c97e26f0bb28630a271a667bd2
- https://blogs.gentoo.org/ago/2017/10/03/binutils-divide-by-zero-in-decode_line_info-dwarf2-c/
- https://sourceware.org/bugzilla/show_bug.cgi?id=22186
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d8010d3e75ec7194a4703774090b27486b742d48
- https://sourceware.org/bugzilla/show_bug.cgi?id=22163
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e70c19e3a4c26e9c1ebf0c9170d105039b56d7cf
- https://sourceware.org/bugzilla/show_bug.cgi?id=22191
- https://sourceware.org/bugzilla/show_bug.cgi?id=22204
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e338894dc2e603683bed2172e8e9f25b29051005
- http://www.securityfocus.com/bid/101203
- https://security.gentoo.org/glsa/201811-17
- https://sourceware.org/bugzilla/show_bug.cgi?id=22210
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=30d0157a2ad64e64e5ff9fcc0dbe78a3e682f573
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=33e0a9a056bd23e923b929a4f2ab049ade0b1c32
- http://www.securityfocus.com/bid/101212
- https://blogs.gentoo.org/ago/2017/09/26/binutils-memory-allocation-failure-in-_bfd_elf_slurp_version_tables-elf-c/
- https://sourceware.org/bugzilla/show_bug.cgi?id=22166
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bd61e135492ecf624880e6b78e5fcde3c9716df6
- https://blogs.gentoo.org/ago/2017/09/26/binutils-null-pointer-dereference-in-scan_unit_for_symbols-dwarf2-c/
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0d76029f92182c3682d8be2c833d45bc9a2068fe
- https://sourceware.org/bugzilla/show_bug.cgi?id=22148
- https://blogs.gentoo.org/ago/2017/09/25/binutils-heap-based-buffer-overflow-in-_bfd_x86_elf_get_synthetic_symtab-elfxx-x86-c/
- https://sourceware.org/bugzilla/show_bug.cgi?id=22170
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=56933f9e3e90eebf1018ed7417d6c1184b91db6b
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=61e3bf5f83f7e505b6bc51ef65426e5b31e6e360
- https://sourceware.org/bugzilla/show_bug.cgi?id=22113
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=4d465c689a8fb27212ef358d0aee89d60dee69a6
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=dcaaca89e8618eba35193c27afcb1cfa54f74582
- https://sourceware.org/bugzilla/show_bug.cgi?id=21990
- http://www.securityfocus.com/bid/100623
- https://sourceware.org/bugzilla/show_bug.cgi?id=22059
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e8b60085eb3e6f2c41bc0c00c0d759fa7f72780
- http://www.securityfocus.com/bid/100624
- https://sourceware.org/bugzilla/show_bug.cgi?id=22047
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e4f2723003859dc6b33ca0dadbc4a7659ebf1643
- http://www.securityfocus.com/bid/100625
- https://sourceware.org/bugzilla/show_bug.cgi?id=22058
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=2a143b99fc4a5094a9cf128f3184d8e6818c8229
- http://www.securityfocus.com/bid/100532
- https://sourceware.org/bugzilla/show_bug.cgi?id=22018
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=90efb6422939ca031804266fba669f77c22a274a
- https://sourceware.org/bugzilla/show_bug.cgi?id=22009
- http://www.securityfocus.com/bid/100499
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0c54f69295208331faab9bc5e995111a35672f9b
- http://www.securityfocus.com/bid/100462
- https://sourceware.org/bugzilla/show_bug.cgi?id=21962
- http://www.securityfocus.com/bid/100292
- https://sourceware.org/bugzilla/show_bug.cgi?id=21933