Title | GNU binutils/ld 2.43 Buffer Over-read |
---|
Description | **Description**
A segmentation fault (SEGV) occurs in the ld command when the -w and -o options are used simultaneously, and the file specified by the -o option either does not have write permissions for the current user or points to a directory. This issue is detected by AddressSanitizer, which identifies a read access to an invalid memory address, leading to a program crash.
**Affected Versions**
binutils 2.43
**Impact**
This vulnerability can cause the program to crash, affecting system stability and availability. In some cases, an attacker may exploit this vulnerability to perform a denial-of-service (DoS) attack.
**Example**
```
(base) swj@amax /tmp $ /data/swj/optfuzz/benchmark/binutils-2.43/bins/bin/ld -w -o/root/1234
AddressSanitizer:DEADLYSIGNAL
=================================================================
==376931==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000048 (pc 0x5621f87aa617 bp 0x7ffe400e2e50 sp 0x7ffe400e2da0 T0)
==376931==The signal is caused by a READ memory access.
==376931==Hint: address points to the zero page.
    #0 0x5621f87aa617 in bfd_set_format /data/swj/optfuzz/benchmark/binutils-2.43/bfd/format.c:765:7
    #1 0x5621f870a34f in open_output /data/swj/optfuzz/benchmark/binutils-2.43/ld/ldlang.c:3443:8
    #2 0x5621f86efb32 in ldlang_open_output /data/swj/optfuzz/benchmark/binutils-2.43/ld/ldlang.c:3464:7
    #3 0x5621f86d3c57 in lang_for_each_statement_worker /data/swj/optfuzz/benchmark/binutils-2.43/ld/ldlang.c:1040:7
    #4 0x5621f86d3e9b in lang_for_each_statement /data/swj/optfuzz/benchmark/binutils-2.43/ld/ldlang.c:1083:3
    #5 0x5621f86ed960 in lang_process /data/swj/optfuzz/benchmark/binutils-2.43/ld/ldlang.c:8172:3
    #6 0x5621f871834c in main /data/swj/optfuzz/benchmark/binutils-2.43/ld/./ldmain.c:529:3
    #7 0x7fc91d1fe082 in __libc_start_main /build/glibc-LcI20x/glibc-2.31/csu/../csu/libc-start.c:308:16
    #8 0x5621f85f06bd in _start (/data/swj/optfuzz/benchmark/binutils-2.43/bins/bin/ld+0x15a6bd) (BuildId: d9731e405748db264b62c84ded760ba4f068cb0a)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /data/swj/optfuzz/benchmark/binutils-2.43/bfd/format.c:765:7 in bfd_set_format
==376931==ABORTING
```
|
---|
User | wenjusun (UID 80422) |
---|
Submission | 01/27/2025 11:15 AM (4 months ago) |
---|
Moderation | 02/10/2025 08:32 AM (14 days later) |
---|
Status | Accepted |
---|
VulDB Entry | 295057 [GNU Binutils 2.43/2.44 format.c bfd_set_format memory corruption] |
---|
Points | 17 |
---|
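A triage helper for reports like the AddressSanitizer trace in this submission, added here as an example and not part of the submission or of binutils. It extracts the fault address, access type and top frames, and applies a heuristic: a fault inside page zero is treated as a small offset from a NULL base pointer. The `triage` function, the 4 KiB `PAGE_SIZE` and the classification labels are assumptions of this example.

```python
import re

# Constructed sample: an abbreviated copy of the AddressSanitizer report on this page.
SAMPLE = """\
AddressSanitizer:DEADLYSIGNAL
==376931==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000048 (pc 0x5621f87aa617 bp 0x7ffe400e2e50 sp 0x7ffe400e2da0 T0)
==376931==The signal is caused by a READ memory access.
==376931==Hint: address points to the zero page.
    #0 0x5621f87aa617 in bfd_set_format /data/swj/optfuzz/benchmark/binutils-2.43/bfd/format.c:765:7
    #1 0x5621f870a34f in open_output /data/swj/optfuzz/benchmark/binutils-2.43/ld/ldlang.c:3443:8
    #2 0x5621f86efb32 in ldlang_open_output /data/swj/optfuzz/benchmark/binutils-2.43/ld/ldlang.c:3464:7
"""

PAGE_SIZE = 4096  # assumption: 4 KiB pages, the usual x86-64 Linux default

HEADER = re.compile(r"ERROR: AddressSanitizer: (\S+) on unknown address (0x[0-9a-fA-F]+)")
ACCESS = re.compile(r"caused by a (READ|WRITE) memory access")
FRAME = re.compile(r"^\s*#(\d+) 0x[0-9a-fA-F]+ in (\S+) (\S+?):(\d+)(?::\d+)?\s*$", re.M)


def triage(report):
    """Summarise an ASan signal report; return None if it is not one."""
    head = HEADER.search(report)
    if head is None:
        return None
    addr = int(head.group(2), 16)
    access = ACCESS.search(report)
    frames = [(m.group(2), m.group(3).rsplit("/", 1)[-1], int(m.group(4)))
              for m in FRAME.finditer(report)]
    near_null = addr < PAGE_SIZE
    return {
        "signal": head.group(1),
        "address": addr,
        "access": access.group(1) if access else "UNKNOWN",
        # Heuristic: a fault inside page zero is a small offset from a NULL base pointer.
        "kind": "null-pointer-dereference" if near_null else "wild-pointer-access",
        "null_offset": addr if near_null else None,
        "crash_site": frames[0] if frames else None,
        "caller": frames[1] if len(frames) > 1 else None,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

For this report the helper flags a READ at offset 0x48 from NULL in `bfd_set_format`, reached from `open_output`, which is where a reviewer would check how a failed open of the output file is handled.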