First published: Fri Oct 27 2017(Updated: )
dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, miscalculates DW_FORM_ref_addr die refs in the case of a relocatable object file, which allows remote attackers to cause a denial of service (find_abstract_instance_name invalid memory read, segmentation fault, and application crash).
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
GNU Binutils | =2.29 | |
debian/binutils | 2.35.2-2 2.40-2 2.43.50.20241210-1 2.43.50.20241215-1 |
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1b86808a86077722ee4f42ff97f836b12420bb2a
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2017-15938 is a vulnerability in the Binary File Descriptor (BFD) library, also known as libbfd, as distributed in GNU Binutils 2.29.
The Binutils package version 2.29.90.20180122-1 on Ubuntu is affected by CVE-2017-15938.
The Binutils package versions 2.31.1-16, 2.35.2-2, 2.40-2, and 2.41-5 on Debian are affected by CVE-2017-15938.
CVE-2017-15938 allows remote attackers to cause a denial of service by exploiting a miscalculation in the DW_FORM_ref_addr die refs, resulting in an invalid memory read in find_abstract_instance_name.
To fix CVE-2017-15938 on Ubuntu, update the Binutils package to version 2.29.90.20180122-1 or higher.
To fix CVE-2017-15938 on Debian, update the Binutils package to a version that has the remedy patch applied, such as versions 2.31.1-16, 2.35.2-2, 2.40-2, or 2.41-5.