Bug 1435300 (CVE-2017-7226) - CVE-2017-7226 binutils: Heap-based buffer over-read in pe_ILF_object_p function in libbfd
Summary: CVE-2017-7226 binutils: Heap-based buffer over-read in pe_ILF_object_p functi...
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2017-7226
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1435307 1435308 1435309
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-03-23 14:06 UTC by Adam Mariš
Modified: 2019-09-29 14:08 UTC (History)
10 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2019-06-08 03:09:32 UTC
Embargoed:

Attachments (Terms of Use)

Description Adam Mariš 2017-03-23 14:06:27 UTC 
The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a heap-based buffer over-read of size 4049 because it uses the strlen function instead of strnlen, leading to program crashes in several utilities such as addr2line, size, and strings. It could lead to information disclosure as well.

Upstream bug:

https://sourceware.org/bugzilla/show_bug.cgi?id=20905

Upstream patch:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=fa6631b4eecfcca00c13b9594e6336dffd40982f
Comment 1 Adam Mariš 2017-03-23 14:14:42 UTC 
Created binutils tracking bugs for this issue:

Affects: fedora-all [bug 1435308]


Created mingw-binutils tracking bugs for this issue:

Affects: epel-all [bug 1435309]
Affects: fedora-all [bug 1435307]
Note You need to log in before you can comment on or make changes to this bug.