Bug 1061229 - (CVE-2017-14938) VUL-0: CVE-2017-14938: binutils: cause a denial of service (memory allocation) in _bfd_elf_slurp_version_tables in elf.c
(CVE-2017-14938)
VUL-0: CVE-2017-14938: binutils: cause a denial of service (memory allocation...
Status: RESOLVED WONTFIX
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Michael Matz
Security Team bot
https://smash.suse.de/issue/192696/
CVSSv2:SUSE:CVE-2017-14938:5.0:(AV:N/...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-10-02 08:36 UTC by Alexander Bergmann
Modified: 2020-04-01 16:58 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
QA Reproducer (30.10 KB, application/x-executable)
2017-10-02 08:37 UTC, Alexander Bergmann
Details

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Alexander Bergmann 2017-10-02 08:37:35 UTC
Created attachment 742690 [details]
QA Reproducer

#> nm -A -a -l -S -s --special-syms --synthetic 336.crashes.bin
nm: crash.bin: Memory exhausted
Comment 2 Michael Matz 2017-10-02 14:03:15 UTC
As Alan says upstream:

> I'm inclined to think that fuzzed binaries that cause huge memory allocations
> are not something that the binutils project should be concerned about.  Your
> binary says it has 3909091329 verneed entries, which on a 64-bit host are
> stored internally in a 64 byte struct.  That's 250181845056 bytes.
> 
> On my system
> bfd_zalloc2 (abfd=abfd@entry=0x714290, nmemb=3909091329, size=size@entry=64)
> fails with ENOMEM.
> 
> I think that is a quite reasonable result.

He also says this is easy to fix, so he did it.  As your reproduction tells
us, it (quite) reasonably fails with mem exhausted.  This is exactly what
I'd expect, so I don't see what we'd need to fix.

Please close this.  Same for the other recent memory exhausting CVE (please
tell me again why we even still continue to care about CVEs at all?  They seem
basically "program fails" reports created by drones.)
Comment 3 Alexander Bergmann 2018-02-19 15:00:46 UTC
Closing as WONT FIX.