Bug 1483597 (CVE-2017-12453)

Summary: CVE-2017-12453 binutils: out of bounds heap read in __bfd_vms_slurp_eeom function
Product: [Other] Security Response Reporter: Adam Mariš <amaris>
Component: vulnerability Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED WONTFIX
Severity: low
Priority: low
Version: unspecified CC: erik-fedora, fedora-mingw, jakub, klember, ktietz, law, nickc, ohudlick, rjones, yselkowi
Target Milestone: --- Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Last Closed: 2019-06-08 03:21:32 UTC Type: ---
Bug Depends On: 1483603, 1483604, 1483605

Description Adam Mariš 2017-08-21 13:09:46 UTC
The _bfd_vms_slurp_eeom function in libbfd.c in the Binary File
Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils
2.29 and earlier, allows remote attackers to cause an out of bounds
heap read via a crafted vms alpha file.

Upstream bug:

https://sourceware.org/bugzilla/show_bug.cgi?id=21813

Comment 1 Adam Mariš 2017-08-21 13:12:31 UTC
Created binutils tracking bugs for this issue:

Affects: fedora-all [bug 1483604]


Created mingw-binutils tracking bugs for this issue:

Affects: epel-all [bug 1483603]
Affects: fedora-all [bug 1483605]