GNU Binutils before 2.40 was discovered to contain an excessive memory
consumption vulnerability via the function
bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could
supply a crafted ELF file and cause a DNS attack.
Author | Note |
---|---|
seth-arnold | binutils isn’t safe for untrusted inputs. |
ccdm94 | upstream does not consider this a security issue, as per their binutils/SECURITY.txt security file. That is because this issue affects nm, an inspection tool. For bionic and earlier, the patch seems to introduce a memory leak, so these releases will be marked as ignored. |