Bugzilla – Bug 1061229
VUL-0: CVE-2017-14938: binutils: cause a denial of service (memory allocation) in _bfd_elf_slurp_version_tables in elf.c
Last modified: 2020-04-01 16:58:53 UTC
_bfd_elf_slurp_version_tables in elf.c in the Binary File Descriptor (BFD)
library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote
attackers to cause a denial of service (excessive memory allocation and
application crash) via a crafted ELF file.
Created attachment 742690
#> nm -A -a -l -S -s --special-syms --synthetic 336.crashes.bin
nm: crash.bin: Memory exhausted
As Alan says upstream:
> I'm inclined to think that fuzzed binaries that cause huge memory allocations
> are not something that the binutils project should be concerned about. Your
> binary says it has 3909091329 verneed entries, which on a 64-bit host are
> stored internally in a 64 byte struct. That's 250181845056 bytes.
> On my system
> bfd_zalloc2 (abfd=abfd@entry=0x714290, nmemb=3909091329, size=size@entry=64)
> fails with ENOMEM.
> I think that is a quite reasonable result.
He also says this is easy to fix, so he did it. As your reproduction tells
us, it (quite) reasonably fails with mem exhausted. This is exactly what
I'd expect, so I don't see what we'd need to fix.
Please close this. Same for the other recent memory exhausting CVE (please
tell me again why we even still continue to care about CVEs at all? They seem
basically "program fails" reports created by drones.)
Closing as WONT FIX.
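Added example, not part of the bug thread and not binutils code: a C sketch of a sanity check that stops a file-declared entry count from setting the allocation size, using the figures quoted above. The struct and function names are hypothetical; sh_info and sh_size are the standard ELF section header fields, and the 16-byte on-disk Verneed record size is taken from the ELF format.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define EXT_VERNEED_SIZE 16u /* on-disk Verneed record: 2+2+4+4+4 bytes */
#define INT_VERNEED_SIZE 64u /* in-memory struct size quoted in the thread */

/* Hypothetical, simplified view of the section header fields involved. */
struct verneed_shdr {
    uint64_t sh_size; /* bytes of section data actually present */
    uint32_t sh_info; /* number of verneed entries the file claims */
};

/* A claimed count is plausible only if that many on-disk records fit in
   the section. A count of zero is rejected as well, since there would be
   nothing to read. */
int verneed_count_plausible(const struct verneed_shdr *h)
{
    return h->sh_info != 0 && h->sh_info <= h->sh_size / EXT_VERNEED_SIZE;
}

/* Bytes an unchecked reader would request: count * in-memory struct size. */
uint64_t unchecked_request_bytes(const struct verneed_shdr *h)
{
    return (uint64_t)h->sh_info * INT_VERNEED_SIZE;
}

/* Allocate the in-memory table only after the count has been validated.
   Returns NULL when the header is rejected or the allocation fails. */
void *alloc_verneed_table(const struct verneed_shdr *h)
{
    if (!verneed_count_plausible(h))
        return NULL;
    return calloc(h->sh_info, INT_VERNEED_SIZE);
}

int main(void)
{
    /* Constructed sample: a 4096-byte section claiming 3909091329 entries. */
    struct verneed_shdr bad = { 4096, 3909091329u };
    printf("unchecked request: %llu bytes\n",
           (unsigned long long)unchecked_request_bytes(&bad));
    printf("count plausible: %d\n", verneed_count_plausible(&bad));
    return 0;
}
```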