The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file, as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc in libbfd.c. This can occur during execution of nm.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | binutils | <Â 2.30.90.20180627-1 | binutils_2.30.90.20180627-1_all.deb |
Debian | 11 | all | binutils | <Â 2.30.90.20180627-1 | binutils_2.30.90.20180627-1_all.deb |
Debian | 10 | all | binutils | <Â 2.30.90.20180627-1 | binutils_2.30.90.20180627-1_all.deb |
Debian | 999 | all | binutils | <Â 2.30.90.20180627-1 | binutils_2.30.90.20180627-1_all.deb |
Debian | 13 | all | binutils | <Â 2.30.90.20180627-1 | binutils_2.30.90.20180627-1_all.deb |