2233958 – (CVE-2022-48064) CVE-2022-48064 binutils: excessive memory consumption in _bfd_dwarf2_find_nearest_line_with_alt() in dwarf2.c

Bug 2233958 (CVE-2022-48064) - CVE-2022-48064 binutils: excessive memory consumption in _bfd_dwarf2_find_nearest_line_with_alt() in dwarf2.c

Summary: CVE-2022-48064 binutils: excessive memory consumption in _bfd_dwarf2_find_nea...

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2022-48064
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2233960 2233961 2233962 2234104 2234105 2234106 2234107 2234108 2234109 2234110 2234111 2234112 2234113 2234114 2234116 2234117 2234118 2234119
Blocks:	2233947
TreeView+	depends on / blocked

Reported:	2023-08-23 19:54 UTC by Guilherme de Almeida Suckevicz
Modified:	2024-02-16 08:51 UTC (History)
CC List:	29 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	An excessive memory consumption vulnerability was identified in GNU Binutils, specifically in the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. An attacker could exploit this by providing a crafted ELF file, potentially leading to a denial of service attack through excessive memory usage.
Clone Of:
Environment:
Last Closed:	2023-11-09 09:15:46 UTC
Embargoed:

Attachments	(Terms of Use)

Description Guilherme de Almeida Suckevicz 2023-08-23 19:54:21 UTC

GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.

References:
https://sourceware.org/bugzilla/show_bug.cgi?id=29922
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8f2c64de86bc3d7556121fe296dd679000283931

Comment 1 Guilherme de Almeida Suckevicz 2023-08-23 19:56:16 UTC

Created binutils tracking bugs for this issue:

Affects: fedora-all [bug 2233960]


Created gdb tracking bugs for this issue:

Affects: fedora-all [bug 2233961]


Created mingw-binutils tracking bugs for this issue:

Affects: fedora-all [bug 2233962]

Comment 4 Nick Clifton 2023-08-24 11:52:42 UTC

(In reply to Guilherme de Almeida Suckevicz from comment #0)
> GNU Binutils before 2.40 was discovered to contain an excessive memory
> consumption vulnerability via the function
> bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply
> a crafted ELF file and cause a DNS attack.
 
The SECURITY.txt file found in the upstream GNU Binutils sources makes it clear that bug in inspection tools like nm are not considered to be security issues, and hence do not qualify for CVE treatment.

Note You need to log in before you can comment on or make changes to this bug.

acrosby
ailan
bdettelb
caswilli
desktop-qa-list
fjansen
fweimer
gdb-bugs
hkataria
jburrell
jmitchel
jsamir
jsherril
jtanner
kaycoth
keiths
kshier
mcermak
mpolacek
mprchlik
nickc
ohudlick
psegedy
rjones
sipoyare
sthirugn
tsasak
virt-maint
vkrizan