cve/2017/CVE-2017-14938.md

CVE-2017-14938

Description

_bfd_elf_slurp_version_tables in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file.

POC

Reference

• http://www.securityfocus.com/bid/101212
• https://blogs.gentoo.org/ago/2017/09/26/binutils-memory-allocation-failure-in-_bfd_elf_slurp_version_tables-elf-c/

Github

• https://github.com/ARPSyndicate/cvemon
• https://github.com/fokypoky/places-list