Bug 2124569 (CVE-2022-38533)

Summary: CVE-2022-38533 binutils: heap-based buffer overflow in bfd_getl32() when called by strip_main() in objcopy.c via a crafted file
Product: [Other] Security Response
Reporter: Guilherme de Almeida Suckevicz <gsuckevi>
Component: vulnerability
Assignee: Nobody <nobody>
Status: NEW
Severity: low
Priority: low
Version: unspecified
CC: adudiak, ailan, aoliva, caswilli, dffrench, dkuc, dvlasenk, elima, erik-fedora, fjansen, fweimer, gdb-bugs, gzaronik, ikanias, jakub, jary, jburrell, jkoehler, jwong, kaycoth, keiths, klember, kshier, ktietz, kyoshida, manisandro, marcandre.lureau, mcermak, micjohns, mpolacek, mprchlik, ngough, nickc, ohudlick, rgodfrey, rjones, rravi, sipoyare, sthirugn, tmeszaro, tohughes, virt-maint
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Fixed In Version: binutils 2.40
Doc Type: If docs needed, set a value
Doc Text:
A vulnerability was found in the strip utility of binutils. An attacker who convinces a victim to process a specially crafted COFF file with the strip utility can trigger a heap-based buffer overflow, causing the utility to crash.
Bug Depends On: 2124579, 2124580, 2124645, 2124646, 2124647, 2124648, 2124649, 2124650, 2124651, 2124652, 2124653, 2124654, 2124655    
Bug Blocks: 2122689    

Description Guilherme de Almeida Suckevicz 2022-09-06 14:06:34 UTC
In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file.

Reference:
https://sourceware.org/bugzilla/show_bug.cgi?id=29482

Comment 1 Guilherme de Almeida Suckevicz 2022-09-06 14:22:26 UTC
Created binutils tracking bugs for this issue:

Affects: fedora-all [bug 2124579]


Created mingw-binutils tracking bugs for this issue:

Affects: fedora-all [bug 2124580]

Comment 3 Guilherme de Almeida Suckevicz 2022-09-06 19:01:08 UTC
Upstream patch:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ef186fe54aa6d281a3ff8a9528417e5cc614c797

Comment 4 Nick Clifton 2022-09-07 11:46:44 UTC
Removing the Security flag because the problem is only triggered if the user is tricked into attempting to strip a corrupt COFF format file (a format not used by RHEL or Fedora), and all that happens is that the strip fails to complete.