CVE-2017-15023 — NULL Pointer Dereference in Binutils

CWE-476 — NULL Pointer Dereference9 documents7 sources

Severity

5.5MEDIUMNVD

EPSS

0.5%

top 34.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Binutils

Timeline

PublishedOct 5

Latest updateMay 14

Description

read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not properly validate the format count, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶Debiangnu/binutils< 2.29.90.20180122-1+3

▶NVDgnu/binutils2.29

Patches

Patch: blogs.gentoo.org ↗Patch: sourceware.org ↗Patch: blogs.gentoo.org ↗

🔴Vulnerability Details

GHSA

GHSA-v237-vcgw-685x: read_formatted_entries in dwarf2↗2022-05-14

▶

OSV

CVE-2017-15023: read_formatted_entries in dwarf2↗2017-10-05

▶

CVEList

CVE-2017-15023: read_formatted_entries in dwarf2↗2017-10-04

▶

📋Vendor Advisories

Red Hat

binutils: NULL pointer dereference in read_formatted_entries↗2017-09-25

▶

Red Hat

binutils: NULL pointer dereference in the concat_filename↗2017-09-25

▶

Debian

CVE-2017-15023: binutils - read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (...↗2017

▶

💬Community

Bugzilla

CVE-2017-15939 binutils: NULL pointer dereference in the concat_filename↗2017-11-07

▶

Bugzilla

CVE-2017-15023 binutils: NULL pointer dereference in read_formatted_entries↗2017-10-10

▶