CVE-2017-15024

NVD

https://nvd.nist.gov/vuln/detail/CVE-2017-15024

CWE

https://cwe.mitre.org/data/definitions/835.html

find_abstract_instance_name in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.

Weakness

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Affected Software

Name	Vendor	Start Version	End Version
Binutils	Gnu	2.29 (including)	2.29 (including)
Binutils	Ubuntu	artful	*
Binutils	Ubuntu	esm-infra-legacy/trusty	*
Binutils	Ubuntu	esm-infra/xenial	*
Binutils	Ubuntu	precise/esm	*
Binutils	Ubuntu	trusty	*
Binutils	Ubuntu	trusty/esm	*
Binutils	Ubuntu	upstream	*
Binutils	Ubuntu	xenial	*
Binutils	Ubuntu	zesty	*

References

https://blogs.gentoo.org/ago/2017/10/03/binutils-infinite-loop-in-find_abstract_instance_name-dwarf2-c/
https://sourceware.org/bugzilla/show_bug.cgi?id=22187
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=52a93b95ec0771c97e26f0bb28630a271a667bd2

Loop with Unreachable Exit Condition ('Infinite Loop')

Weakness

Affected Software

References