NULL Pointer Dereference in binutils

Do your applications use this vulnerable package? Test your applications

Overview

The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash.

References

Debian Security Tracker
Gentoo Security Advisory
Security Focus
Ubuntu CVE Tracker
https://sourceware.org/bugzilla/show_bug.cgi?id=20891

Attack Vector

Network
Attack Complexity

Low
Privileges Required

None
User Interaction

None
Scope

Unchanged
Confidentiality

None
Integrity

None
Availability

High

CVE: CVE-2017-7225
CWE: CWE-476
Snyk ID: SNYK-DEBIAN8-BINUTILS-403540
Disclosed: 22 Mar, 2017
Published: 22 Mar, 2017

NULL Pointer Dereference
Affecting binutils package, versions *

Overview

References

CVSS Score

NULL Pointer Dereference Affecting binutils package, versions *

Overview

References

NULL Pointer Dereference
Affecting binutils package, versions *