"apply_relocations in readelf.c in GNU Binutils 2.32 contains an integer overflow that allows attackers to trigger a write access violation (in byte_put_little_endian function in elfcomm.c) via an ELF file, as demonstrated by readelf."
An issue was discovered in the Binary File Descriptor (BFD) library (aka
libbfd), as distributed in GNU Binutils 2.32. It is an integer overflow
leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as
demonstrated by nm.
find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD)
library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote
attackers to cause a denial of service (infinite recursion and application
crash) via a crafted ELF file.
The bug has been referenced in the following commit(s):
Author: Andreas K. Hüttel <email@example.com>
AuthorDate: 2020-04-26 00:32:31 +0000
Commit: Andreas K. Hüttel <firstname.lastname@example.org>
CommitDate: 2020-04-26 00:33:36 +0000
package.mask: Mask <binutils-2.33.1, bug 711324
Signed-off-by: Andreas K. Hüttel <email@example.com>
profiles/package.mask | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
No cleanup, but all masked.
(In reply to Andreas K. Hüttel from comment #4)
> No cleanup, but all masked.
Good enough for toolchain stuff. Thanks.
This issue was resolved and addressed in
GLSA 202007-39 at https://security.gentoo.org/glsa/202007-39
by GLSA coordinator Sam James (sam_c).