Category Archives: security

binutils: invalid memory read in find_abstract_instance_name (dwarf2.c)

Description: binutils is a set of tools necessary to build programs. The complete ASan output of the issue: # nm -A -a -l -S -s –special-syms –synthetic –with-symbol-versions -D $FILE ==23816==ERROR: AddressSanitizer: SEGV on unknown address 0x4700004008d0 (pc 0x0000005427b6 bp … Continue reading

Posted in advisories, security | Leave a comment

binutils: NULL pointer dereference in concat_filename (dwarf2.c) (INCOMPLETE FIX FOR CVE-2017-15023)

Description: binutils is a set of tools necessary to build programs. The commit fix for this issue says: The PR22200 fuzzer testcase found one way to put NULLs into .debug_line file tables. PR22205 finds another. So mitre considers this an … Continue reading

Posted in advisories, security | Leave a comment

binutils: heap-based buffer overflow in parse_die (dwarf1.c)

Description: binutils is a set of tools necessary to build programs. The complete ASan output of the issue: # nm -A -a -l -S -s –special-syms –synthetic –with-symbol-versions -D $FILE ==26890==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6130000006d3 at pc 0x000000472115 bp … Continue reading

Posted in advisories, security | 1 Comment

binutils: NULL pointer dereference in bfd_hash_hash (hash.c)

Description: binutils is a set of tools necessary to build programs. The stacktrace of this issue appears to be a NULL pointer access. However the upstream maintainer changed the summary of the bugreport to “DW_AT_name with out of bounds reference”. … Continue reading

Posted in advisories, security | 1 Comment

binutils: NULL pointer dereference in concat_filename (dwarf2.c)

Description: binutils is a set of tools necessary to build programs. The complete ASan output of the issue: # nm -A -a -l -S -s –special-syms –synthetic –with-symbol-versions -D $FILE ==3765==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x0000006a7376 bp … Continue reading

Posted in advisories, security | Leave a comment

binutils: heap-based buffer overflow in bfd_get_debug_link_info_1 (opncls.c)

Description: binutils is a set of tools necessary to build programs. The complete ASan output of the issue: # nm -A -a -l -S -s –special-syms –synthetic –with-symbol-versions -D $FILE ==11994==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200000029e at pc 0x7f800af7095d bp … Continue reading

Posted in advisories, security | Leave a comment

binutils: divide-by-zero in decode_line_info (dwarf2.c)

Description: binutils is a set of tools necessary to build programs. The complete ASan output of the issue: # nm -A -a -l -S -s –special-syms –synthetic –with-symbol-versions -D $FILE ==11125==ERROR: AddressSanitizer: FPE on unknown address 0x7f5e01fd42e5 (pc 0x7f5e01fd42e5 bp … Continue reading

Posted in advisories, security | Leave a comment

binutils: infinite loop in find_abstract_instance_name (dwarf2.c)

Description: binutils is a set of tools necessary to build programs. The relevant ASan output of the issue: # nm -A -a -l -S -s –special-syms –synthetic –with-symbol-versions -D $FILE ==22616==ERROR: AddressSanitizer: stack-overflow on address 0x7ffc2948efe8 (pc 0x0000004248eb bp 0x7ffc2948f8e0 … Continue reading

Posted in advisories, security | Leave a comment

binutils: heap-based buffer overflow in read_1_byte (dwarf2.c)

Description: binutils is a set of tools necessary to build programs. The complete ASan output of the issue: # nm -A -a -l -S -s –special-syms –synthetic –with-symbol-versions -D $FILE ==3235==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x613000000512 at pc 0x7f7c93ae3c88 bp … Continue reading

Posted in advisories, security | 1 Comment

binutils: NULL pointer dereference in scan_unit_for_symbols (dwarf2.c)

Description: binutils is a set of tools necessary to build programs. The complete ASan output of the issue: # nm -A -a -l -S -s –special-syms –synthetic –with-symbol-versions -D $FILE ==491==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f6e3316d573 bp … Continue reading

Posted in advisories, security | Leave a comment