Bug 2185646 (CVE-2023-1972)

Summary: CVE-2023-1972 binutils: Illegal memory access when accessing a zer0-lengthverdef table
Product: [Other] Security Response Reporter: Pedro Sampaio <psampaio>
Component: vulnerabilityAssignee: Nobody <nobody>
Status: NEW --- QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: ailan, bdettelb, caswilli, dffrench, dfreiber, dkuc, doconnor, drow, fjansen, fweimer, gzaronik, hkataria, jburrell, jforrest, jkoehler, jmitchel, jsamir, jtanner, kaycoth, kholdawa, kshier, lcouzens, lphiri, mcermak, micjohns, mpolacek, mprchlik, mskarbek, ngough, nickc, ohudlick, rgodfrey, rjones, sipoyare, sthirugn, teagle, virt-maint, vkrizan, vkumar
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: binutils 2.40 Doc Type: If docs needed, set a value
Doc Text:
A potential heap-based buffer overflow was found in binutils in the _bfd_elf_slurp_version_tables() function in bfd/elf.c. This issue may lead to a loss of availability.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2186567, 2186568, 2186569, 2186570, 2186571, 2186572, 2186573, 2186574, 2186575, 2186576, 2186577, 2186579, 2186580, 2186581, 2186582, 2186583, 2186584, 2186585, 2186586, 2186587, 2186588, 2186589, 2186590, 2186591    
Bug Blocks: 2185647    

Description Pedro Sampaio 2023-04-10 17:57:30 UTC 
Potential heap based buffer overflow found in _bfd_elf_slurp_version_tables() in bfd/elf.c.

References:

https://sourceware.org/git/?p=binutils-gdb.git;a=blobdiff;f=bfd/elf.c;h=185028cbd97ae0901c4276c8a4787b12bb75875a;hp=027d01437352555bc4ac0717cb0486c751a7775d;hb=c22d38baefc5a7a1e1f5cdc9dbb556b1f0ec5c57;hpb=f2f9bde5cde7ff34ed0a4c4682a211d402aa1086
https://sourceware.org/bugzilla/show_bug.cgi?id=30285
Comment 1 Nick Clifton 2023-04-11 13:06:44 UTC 
Notes for people reviewing this CVE:

  1. It only affects programs that use the BFD library to load ELF symbol version information.
  2. It requires corrupt input in order to trigger the bug.
  3. If triggered the most that it can do is cause the program to terminate with a segmentation fault.  It will not cause the generation of corrupt output.
Comment 4 Marian Rehak 2023-04-13 18:26:57 UTC 
Created binutils tracking bugs for this issue:

Affects: fedora-36 [bug 2186584]
Affects: fedora-37 [bug 2186586]
Affects: fedora-all [bug 2186579]


Created insight tracking bugs for this issue:

Affects: fedora-36 [bug 2186582]
Affects: fedora-37 [bug 2186587]


Created mingw-binutils tracking bugs for this issue:

Affects: fedora-36 [bug 2186583]
Affects: fedora-37 [bug 2186588]


Created radare2 tracking bugs for this issue:

Affects: epel-7 [bug 2186591]
Affects: epel-8 [bug 2186590]
Affects: fedora-36 [bug 2186580]
Affects: fedora-37 [bug 2186589]


Created rizin tracking bugs for this issue:

Affects: epel-8 [bug 2186585]
Affects: fedora-36 [bug 2186581]