邓朋

**Name of the Vulnerable Software and Affected Versions** GNU Binutils versions prior to 2.40 **Description** The issue is related to a memory leak in the `find abstract instance` function in `dwarf2.c`. This can be exploited by a remote attacker to cause a denial of service. **Recommendations** For versions prior to 2.40, update to version 2.40 or later to resolve the issue. As a temporary workaround, consider restricting access to the `find abstract instance` function in `dwarf2.c` to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GNU Binutils versions prior to 2.40 **Description** The issue is related to excessive memory consumption via the `load separate debug files` function at `dwarf2.c`. An attacker could supply a crafted ELF file, potentially leading to a DNS attack. The vulnerability can be exploited by a remote attacker who provides a specially crafted ELF file. **Recommendations** For GNU Binutils versions prior to 2.40, update to version 2.40 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `load separate debug files` function in `dwarf2.c` to minimize the risk of exploitation. Avoid processing untrusted ELF files until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** GNU Binutils versions prior to 2.40 **Description** The issue is related to excessive memory consumption via the `bfd dwarf2 find nearest line with alt` function at `dwarf2.c`. An attacker could supply a crafted ELF file, potentially leading to a DNS attack. The vulnerability can be exploited remotely. **Recommendations** For versions prior to 2.40, update to version 2.40 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `bfd dwarf2 find nearest line with alt` function until a patch is available. Avoid using crafted ELF files in the affected GNU Binutils versions until the issue is resolved.