CWE
476
Advisory Published
Updated

CVE-2017-15022: Null Pointer Dereference

First published: Thu Oct 05 2017(Updated: )

dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the DW_AT_name data type, which allows remote attackers to cause a denial of service (bfd_hash_hash NULL pointer dereference, or out-of-bounds access, and application crash) via a crafted ELF file, related to scan_unit_for_symbols and parse_comp_unit.

Credit: cve@mitre.org cve@mitre.org

Affected SoftwareAffected VersionHow to fix
GNU Binutils=2.29
debian/binutils
2.35.2-2
2.40-2
2.43.50.20241210-1
2.43.50.20241215-1

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is CVE-2017-15022?

    CVE-2017-15022 is a vulnerability in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, that allows remote attackers to cause a denial of service (application crash).

  • How does CVE-2017-15022 affect the affected software?

    CVE-2017-15022 affects the Ubuntu binutils package versions 2.26.1-1ubuntu1~16.04.8+, 2.29.90.20180122-1, and the Debian binutils package versions 2.31.1-16, 2.35.2-2, 2.40-2, and 2.41-5.

  • How can CVE-2017-15022 be exploited?

    CVE-2017-15022 can be exploited by remote attackers by causing a NULL pointer dereference or out-of-bounds access, leading to a denial of service and application crash.

  • What is the severity of CVE-2017-15022?

    The severity of CVE-2017-15022 is high.

  • Is there a fix available for CVE-2017-15022?

    Yes, there are various fixes available depending on the affected software version. Please refer to the provided references for more information on the specific fixes.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203