Red Hat Binutils Readelf Utility Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in the readelf utility of the binutils package. It can be exploited by a local attacker who provides a specially crafted Executable and Linkable Format (ELF) file. Exploitation produces one of two failures: resource exhaustion that ends in an out-of-memory condition, or a null pointer dereference that ends in a segmentation fault. Either failure causes the readelf utility to become unresponsive or crash, thereby denying service.

Impact

Exploitation of this vulnerability causes the readelf utility to crash or become unresponsive, leading to a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by processing a crafted ELF file with the readelf utility. The malformed ELF file should be designed to trigger excessive memory allocation or cause a null pointer dereference, both of which can be achieved by manipulating specific ELF file headers or sections.

Remediation

Users are advised to avoid using the readelf utility on untrusted or suspicious ELF files.

Added: Apr 22, 2026, 11:35 AM
Updated: Apr 22, 2026, 11:35 AM

Vulnerability Rating

Custom Algorithm
spread: 7.8
impact: 0.6
exploitability: 5.6
remediation: 7.9
relevance: 6.5
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.