GNU Binutils Memory Leak Vulnerability in ld Component

Vulnerability

A memory leak vulnerability has been identified in GNU Binutils version 2.43. The issue is in the ld component, specifically in the bfd_malloc function of libbfd.c. It allows a remote memory leak: the application fails to properly manage and release allocated memory, so memory consumption increases over time. Although the vulnerability is publicly known and a proof-of-concept exploit is available, exploitation is considered difficult and requires user interaction.

Impact

Exploitation of this vulnerability leads to a memory leak, causing the application to consume more memory over time without releasing it, which can eventually degrade performance or cause availability issues.

Remediation

Users are advised to apply the patch available in the GNU Binutils master branch to address this vulnerability. The vulnerability is also documented in the vulnerability database at Tenable.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 7.8
impact: 2.5
exploitability: 5.8
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.