Mailinglist Archive: opensuse-bugs (4295 mails)

[Bug 1038877] New: VUL-1: binutils: readelf-heapoverflow2-byte_get_little_endian
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Fri, 12 May 2017 13:28:24 +0000
  • Message-id: <bug-1038877-21960@http.bugzilla.opensuse.org/>
http://bugzilla.opensuse.org/show_bug.cgi?id=1038877


Bug ID: 1038877
Summary: VUL-1: binutils: readelf-heapoverflow2-byte_get_little_endian
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 42.2
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: security-team@xxxxxxx
Reporter: mikhail.kasimov@xxxxxxxxx
QA Contact: qa-bugs@xxxxxxx
Found By: ---
Blocker: ---

Created attachment 724892
--> http://bugzilla.opensuse.org/attachment.cgi?id=724892&action=edit
binutils-readelf-heapoverflow2-byte_get_little_endian_reproducer

Ref: https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/
=======================================================================
# readelf -a $FILE
==20287==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000039 at pc 0x00000064c061 bp 0x7ffcc34b2580 sp 0x7ffcc34b2578
READ of size 1 at 0x602000000039 thread T0
    #0 0x64c060 in byte_get_little_endian /tmp/portage/sys-devel/binutils-2.28/work/binutils-2.28/binutils/elfcomm.c:210:22
    #1 0x5d31c5 in process_mips_specific /tmp/portage/sys-devel/binutils-2.28/work/binutils-2.28/binutils/readelf.c:15190:8
    #2 0x549e1d in process_arch_specific /tmp/portage/sys-devel/binutils-2.28/work/binutils-2.28/binutils/readelf.c:16565:14
    #3 0x549e1d in process_object /tmp/portage/sys-devel/binutils-2.28/work/binutils-2.28/binutils/readelf.c:16770
    #4 0x51780f in process_file /tmp/portage/sys-devel/binutils-2.28/work/binutils-2.28/binutils/readelf.c:17138:13
    #5 0x51780f in main /tmp/portage/sys-devel/binutils-2.28/work/binutils-2.28/binutils/readelf.c:17209
    #6 0x7fa5fc60b78f in __libc_start_main /tmp/portage/sys-libs/glibc-2.23-r3/work/glibc-2.23/csu/../csu/libc-start.c:289
    #7 0x41a158 in getenv (/usr/x86_64-pc-linux-gnu/binutils-bin/2.28/readelf+0x41a158)

0x602000000039 is located 0 bytes to the right of 9-byte region [0x602000000030,0x602000000039)
allocated by thread T0 here:
    #0 0x4d9828 in malloc /tmp/portage/sys-libs/compiler-rt-sanitizers-4.0.0/work/compiler-rt-4.0.0.src/lib/asan/asan_malloc_linux.cc:66
    #1 0x518af2 in get_data /tmp/portage/sys-devel/binutils-2.28/work/binutils-2.28/binutils/readelf.c:392:9
    #2 0x5d2ee2 in process_mips_specific /tmp/portage/sys-devel/binutils-2.28/work/binutils-2.28/binutils/readelf.c:15169:32
    #3 0x549e1d in process_arch_specific /tmp/portage/sys-devel/binutils-2.28/work/binutils-2.28/binutils/readelf.c:16565:14
    #4 0x549e1d in process_object /tmp/portage/sys-devel/binutils-2.28/work/binutils-2.28/binutils/readelf.c:16770
    #5 0x51780f in process_file /tmp/portage/sys-devel/binutils-2.28/work/binutils-2.28/binutils/readelf.c:17138:13
    #6 0x51780f in main /tmp/portage/sys-devel/binutils-2.28/work/binutils-2.28/binutils/readelf.c:17209
    #7 0x7fa5fc60b78f in __libc_start_main /tmp/portage/sys-libs/glibc-2.23-r3/work/glibc-2.23/csu/../csu/libc-start.c:289

SUMMARY: AddressSanitizer: heap-buffer-overflow /tmp/portage/sys-devel/binutils-2.28/work/binutils-2.28/binutils/elfcomm.c:210:22 in byte_get_little_endian

Affected version:
2.28
Fixed version:
N/A

Reproducer:
https://github.com/asarubbo/poc/blob/master/00258-binutils-readelf-heapoverflow2-byte_get_little_endian

Commit fix:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=75ec1fdbb797a389e4fe4aaf2e15358a070dcc19

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c4ab9505b53cdc899506ed421fddb7e1f8faf7a3
=======================================================================


(open-)SUSE: https://software.opensuse.org/package/binutils

2.28 (TW, official repo)
2.26.1 (42.{1,2}, official repo)
