Vulnerability identifier: #VU8814
Vulnerability risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-126
Exploitation vector: Network
Exploit availability: Yes
Vulnerable software:
Binutils
Universal components / Libraries /
Libraries used by multiple products
Vendor: GNU
Description
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists in the decode_line_info in dwarf2.c source code and is due to improper memory allocation. A remote attacker can send a specially crafted ELF file, trigger heap-based buffer over-read and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Binutils: 2.29
External links
http://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=515f23e63c0074ab531bc954f84ca40c6281a724
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.