[3.5] binutils: NULL pointer dereference in bfd_elf_final_link function (CVE-2017-7614)
elflink.c in the Binary File Descriptor (BFD) library (aka libbfd) has a
“member access within null pointer”
undefined behavior issue, which might allow attackers to cause a denial
of service (application crash) or
possibly have unspecified other impact via an “int main() {return 0;}”
program.
References:
http://www.openwall.com/lists/oss-security/2017/04/10/16
https://nvd.nist.gov/vuln/detail/CVE-2017-7614
Patch:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ad32986fdf9da1c8748e47b8b45100398223dba8
(from redmine: issue id 7169, created on 2017-04-19, closed on 2018-09-27)
- Relations:
- parent #7167 (closed)
- Changesets:
- Revision a64b11f0 on 2017-04-25T13:54:46Z:
main/binutils: security fixes #7169 (CVE-2017-7614)