oss-sec mailing list archives
binutils: Stack-overflow in debug_write_type in debug.c
From: Pavel Mayorov <pmayorov () cloudlinux com>
Date: Thu, 23 Dec 2021 15:33:30 +0300
Hello! It was observed that CVE-2018-12700 in binutils package wasn't completely fixed. I was able to reproduce that issue by following instructions I had described in https://sourceware.org/bugzilla/show_bug.cgi?id=28718 I assessed that this issue is only locally exploitable. Its impact is to resource availability and observable effects of objdump which I've tested range from fatal signal reception to livelock (due to optimization of recursions). The exact effect depends on compiler version and operating system. Due to the nature of binutils which are normally used by developers only and don't affect production environments, I've decided to publicly report that issue. -- Best regards, Pavel Mayorov Senior C Developer CloudLinux.com | KernelCare.com | Imunify360 | AlmaLinux helpdesk.cloudlinux.com: 24/7 Free, exceptionally good support Follow twitter.com/CloudLinuxOS for technical updates
Current thread:
- binutils: Stack-overflow in debug_write_type in debug.c Pavel Mayorov (Dec 23)