GNU Binutils BFD Library Out-of-Bounds Read Vulnerability in XCOFF Relocation Processing

A vulnerability has been identified in the GNU Binutils BFD library, which is commonly used for managing binary files like object files and executables. The flaw arises when the library processes specially crafted XCOFF object files. An improper validation of the relocation type value allows for out-of-bounds memory access, potentially leading to application crashes or unintended disclosure of memory contents. This vulnerability affects all versions of GNU Binutils prior to 2.47.

Impact

Exploitation of this vulnerability causes a segmentation fault or application crash due to out-of-bounds memory access. Additionally, there is a risk of information disclosure, as the out-of-bounds read could expose sensitive data such as cryptographic keys or personal information. According to Red Hat, this vulnerability could also lead to arbitrary code execution by corrupting function pointers.

Reproduction

The vulnerability can be reproduced by processing a crafted XCOFF object file with the 'ld' command from GNU Binutils. The relocation type field in the XCOFF file must be manipulated to create an out-of-bounds access, which can be achieved by exploiting the lack of proper validation in the relocation processing functions.

Remediation

Users can upgrade to GNU Binutils version 2.47 or later, where this vulnerability has been fixed.