Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1435244 - (CVE-2017-7223) CVE-2017-7223 binutils: Global buffer overflow when attempting to unget EOF character
CVE-2017-7223 binutils: Global buffer overflow when attempting to unget EOF c...
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
impact=low,public=20161201,reported=2...
: Security
Depends On: 1435307 1435308 1435309
Blocks:
  Show dependency treegraph
 
Reported: 2017-03-23 08:55 EDT by Adam Mariš
Modified: 2017-03-24 09:49 EDT (History)
10 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Adam Mariš 2017-03-23 08:55:58 EDT 
GNU assembler in GNU Binutils 2.27 is vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream, potentially leading to a program crash.

Upstream bug:

https://sourceware.org/bugzilla/show_bug.cgi?id=20898

Upstream patch:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=69ace2200106348a1b00d509a6a234337c104c17
Comment 1 Nick Clifton 2017-03-23 09:08:59 EDT 
(In reply to Adam Mariš from comment #0)
> GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow

I think that you mean GNU Binutils 2.27.  The bug is fixed in 2.28...
Comment 2 Adam Mariš 2017-03-23 10:13:52 EDT 
Created binutils tracking bugs for this issue:

Affects: fedora-all [bug 1435308]


Created mingw-binutils tracking bugs for this issue:

Affects: epel-all [bug 1435309]
Affects: fedora-all [bug 1435307]
Comment 3 Adam Mariš 2017-03-24 09:49:13 EDT 
(In reply to Nick Clifton from comment #1)
> (In reply to Adam Mariš from comment #0)
> > GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow
> 
> I think that you mean GNU Binutils 2.27.  The bug is fixed in 2.28...

I took this description from MITRE and version in which the bug was found in the upstream bug is set to 2.28 as well.

I'll change it, thanks.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.