CVE-2017-15023

Source
Severity Medium
Remote Yes
Type Denial of service
Description
read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not properly validate the format count, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename.
Group    Package   Affected  Fixed  Severity  Status      Ticket
AVG-435  binutils  2.29.1-1         High      Vulnerable
References
https://blogs.gentoo.org/ago/2017/10/03/binutils-null-pointer-dereference-in-concat_filename-dwarf2-c/
https://sourceware.org/bugzilla/show_bug.cgi?id=22200
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c361faae8d964db951b7100cada4dcdc983df1bf