A critical vulnerability (CVE-2022-47695) has been discovered in the Binutils objdump utility, a widely used tool for miscellaneous binary utilities, including displaying information about object files and converting them into different formats. This vulnerability affects versions of Binutils objdump before 2.39.3 and allows attackers to cause a denial of service or other unspecified impacts via the function "bfd_mach_o_get_synthetic_symtab" in the "mach-o.c" file. In this post, we will discuss the details of this vulnerability, how it can be exploited, and provide references to the original security disclosure and patch source code.
Exploit Details
The flaw exists due to improper handling of object files by the "bfd_mach_o_get_synthetic_symtab" function in the "mach-o.c" file, which is responsible for creating a synthetic symbol table for Mach-O object files. Attackers can craft a malicious object file designed to trigger this vulnerability, leading to a denial of service or other unspecified impacts.
Code Snippet
The following is a code snippet from the vulnerable function "bfd_mach_o_get_synthetic_symtab" in the "mach-o.c" file:
bfd_mach_o_symtab_command *sym = &mdata->dysym;
bfd_size_type size = sizeof (sym) * sym->nsyms;
unsigned long nsyms = sym->nsyms;
bfd_mach_o_synthetic_symbol *syms;
syms = bfd_malloc (size);
if (syms == NULL)
return NULL;
/* ... Rest of the code ... */
The issue lies in the calculation of the size variable, which is derived from the user-controlled value (sym->nsyms), potentially leading to an integer overflow and subsequent heap corruption when allocating memory for the syms variable.
The vulnerability has been addressed in Binutils objdump version 2.39.3, with the following patch
- bfd_size_type size = sizeof (sym) * sym->nsyms;
+ bfd_size_type size = sizeof (*syms) * nsyms;
The patch correctly calculates the size variable, avoiding the integer overflow and heap corruption issues.
For more information, please refer to the following resources
- CVE-2022-47695 - NVD Details
- Binutils objdump Patch Source Code
Conclusion
CVE-2022-47695 is a critical vulnerability in the Binutils objdump utility, which can lead to denial of service or other unspecified impacts. Users should update to version 2.39.3 or later to mitigate the vulnerability. Developers and system administrators should keep an eye on security announcements and update their tools as necessary to protect their systems and the software they develop from potential exploits.
Timeline
Published on: 08/22/2023 19:16:00 UTC
Last modified on: 08/26/2023 02:14:00 UTC