The process_version_sections function in readelf.c in GNU Binutils 2.29 allows attackers to cause a denial of service (Integer Overflow, and hang because of a time-consuming loop) or possibly have unspecified other impact via a crafted binary file with invalid values of ent.vn_next, during "readelf -a" execution.
La función process_version_sections en readelf.c en GNU Binutils 2.29 permite que atacantes remotos provoquen una denegación de servicio (desbordamiento de enteros y bloqueo debido a un bucle largo) o que puedan causar otro tipo de impacto sin especificar mediante un archivo binario sin especificar con valores inválidos de ent.vn_next, durante la ejecución de "readelf -a".
USN-4336-1 fixed several vulnerabilities in GNU binutils. This update provides the corresponding update for Ubuntu 16.04 ESM. It was discovered that GNU binutils contained a large number of security issues. If a user or automated system were tricked into processing a specially-crafted file, a remote attacker could cause GNU binutils to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
