Summary
CVE: CVE-2024-53589
Component: objdump / BFD tekhex parser
Vulnerability Type: Buffer overflow / out-of-bounds read
Vendor: GNU Project
Product: GNU Binutils
Affected Versions: 2.43 (and potentially earlier)
Fix Status: Fixed (commit e0323071916878e0634a6e24d8250e4faff67e88)
Credit: 2ourc3
Description
A vulnerability exists in GNU Binutils’ objdump utility when processing tekhex format files. The issue occurs inside the Binary File Descriptor (BFD) library’s tekhex parser during format identification.
In the failing case, the parser attempts to read 8 bytes from an address that precedes the global variable _bfd_std_section, resulting in an out-of-bounds read. This invalid read is reachable with a crafted tekhex file and can be triggered simply by running objdump on the file.
Root cause
The root cause is improper handling of the bfd_abs_section pointer in the first_phase function (tekhex.c).
The code performs section traversal operations on bfd_abs_section_ptr without adequate validation, which can lead to dereferencing an invalid pointer and reading memory outside the intended bounds. Because this happens in the file-format probing / identification path, an attacker can trigger the issue by supplying a malicious tekhex input that causes the parser to walk into invalid section structures.
Fix
The issue was patched by adding proper validation checks in first_phase to prevent unsafe modification / traversal involving _bfd_std_section[] entries. The fix specifically hardens handling of bfd_abs_section in the tekhex parser.
Patch commit: e0323071916878e0634a6e24d8250e4faff67e88
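The kind of guard the Fix section describes, as an added example that is not the binutils patch or code from tekhex.c. It is a simplified C model in which std_sections stands in for _bfd_std_section[]; the struct layout, the lookup order and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Simplified model, NOT binutils code; every name here is hypothetical. */
struct section { const char *name; unsigned long vma, size; struct section *next; };
/* Process-wide shared entries, standing in for _bfd_std_section[]. */
static struct section std_sections[] = {
    { "*ABS*", 0, 0, NULL },
    { "*UND*", 0, 0, NULL },
};
#define N_STD (sizeof std_sections / sizeof std_sections[0])
/* Equality against each element is well defined for any pointer value. */
static int is_std_section(const struct section *s) {
    for (size_t i = 0; i < N_STD; i++)
        if (s == &std_sections[i]) return 1;
    return 0;
}

/* Resolve a name from the input: per-file list, then shared entries (assumed order). */
static struct section *lookup(struct section *list, const char *name) {
    for (struct section *s = list; s != NULL; s = s->next)
        if (strcmp(s->name, name) == 0) return s;
    for (size_t i = 0; i < N_STD; i++)
        if (strcmp(std_sections[i].name, name) == 0) return &std_sections[i];
    return NULL;
}

/* Unhardened: writes input-controlled values into whatever was resolved. */
static int apply_unchecked(struct section *list, const char *name,
                           unsigned long vma, unsigned long size) {
    struct section *s = lookup(list, name);
    if (s == NULL) return -1;
    s->vma = vma; s->size = size;
    return 0;
}

/* Hardened: a shared entry is never a valid target for a data record. */
static int apply_checked(struct section *list, const char *name,
                         unsigned long vma, unsigned long size) {
    struct section *s = lookup(list, name);
    if (s == NULL || is_std_section(s)) return -1;   /* reject the input */
    s->vma = vma; s->size = size;
    return 0;
}

int main(void) {
    struct section text = { ".text", 0, 0, NULL };   /* constructed input */
    return apply_checked(&text, "*ABS*", 0x1000, 8) == -1 ? 0 : 1;
}
```

In the model, the unchecked path leaves the shared entry altered for every later file handled in the same process, which is why the check rejects the input instead of skipping the write silently.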