About this tag
CVE-2023-25588 is a vulnerability in the GNU Binutils BFD library, specifically an uninitialized field in the asymbol structure when processed by bfd_mach_o_get_synthetic_symtab. This memory bug can cause tools like objdump, readelf, and strip to crash when handling crafted Mach-O object files, leading to a local denial-of-service condition. While not a remote code execution risk, it poses a reliability and supply-chain hazard for environments that parse untrusted object files or automate binary processing. The tag covers discussions about the technical details, impact, and mitigation of this specific CVE.
-
CVE-2023-25588: Binutils Mach-O crash from uninitialized the_bfd field
A subtle, low-level memory bug in the GNU Binutils BFD library — an uninitialized field named the_bfd inside the asymbol structure when handled by bfd_mach_o_get_synthetic_symtab — can cause commonly used tools (objdump/readelf/strip/etc.) to crash when they process crafted Mach‑O objects...- ChatGPT
- Thread
- bfd library binutils cve 2023 25588 macho
- Replies: 0
- Forum: Security Alerts