2124569 – (CVE-2022-38533) CVE-2022-38533 binutils: heap-based buffer overflow in bfd_getl32() when called by strip_main() in objcopy.c via a crafted file

Bug 2124569 (CVE-2022-38533) - CVE-2022-38533 binutils: heap-based buffer overflow in bfd_getl32() when called by strip_main() in objcopy.c via a crafted file

Summary: CVE-2022-38533 binutils: heap-based buffer overflow in bfd_getl32() when call...

Keywords:
Status:	NEW
Alias:	CVE-2022-38533
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Nobody
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2124579 2124580 2124645 2124646 2124647 2124648 2124649 2124650 2124651 2124652 2124653 2124654 2124655
Blocks:	2122689
TreeView+	depends on / blocked

Reported:	2022-09-06 14:06 UTC by Guilherme de Almeida Suckevicz
Modified:	2024-03-29 03:35 UTC (History)
CC List:	41 users (show)
Fixed In Version:	binutils 2.40
Doc Type:	If docs needed, set a value
Doc Text:	A vulnerability was found in the strip utility of binutils. An attacker able to convince a victim to process a specially crafted COFF file by the strip utility can lead to a heap-based buffer overflow, causing the utility to crash.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Guilherme de Almeida Suckevicz 2022-09-06 14:06:34 UTC

In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file.

Reference:
https://sourceware.org/bugzilla/show_bug.cgi?id=29482

Comment 1 Guilherme de Almeida Suckevicz 2022-09-06 14:22:26 UTC

Created binutils tracking bugs for this issue:

Affects: fedora-all [bug 2124579]


Created mingw-binutils tracking bugs for this issue:

Affects: fedora-all [bug 2124580]

Comment 3 Guilherme de Almeida Suckevicz 2022-09-06 19:01:08 UTC

Upstream patch:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ef186fe54aa6d281a3ff8a9528417e5cc614c797

Comment 4 Nick Clifton 2022-09-07 11:46:44 UTC

Removing the Security flag because the problem is only triggered if the user is tricked into attempting to strip a corrupt COFF format file (a format not used by RHEL or Fedora), and all that happens is that the strip fails to complete.

Note You need to log in before you can comment on or make changes to this bug.

adudiak
ailan
aoliva
caswilli
dffrench
dkuc
dvlasenk
erik-fedora
fjansen
fweimer
gdb-bugs
gzaronik
ikanias
jakub
jary
jburrell
jkoehler
jwong
kaycoth
keiths
klember
kshier
ktietz
kyoshida
manisandro
marcandre.lureau
mcermak
micjohns
mpolacek
mprchlik
ngough
nickc
ohudlick
rgodfrey
rjones
rravi
sipoyare
sthirugn
tmeszaro
tohughes
virt-maint