2165837 – (CVE-2023-22603) CVE-2023-22603 binutils: objdump SEGV in display_debug_lines_decoded

Bug 2165837 (CVE-2023-22603) - CVE-2023-22603 binutils: objdump SEGV in display_debug_lines_decoded

Summary: CVE-2023-22603 binutils: objdump SEGV in display_debug_lines_decoded

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2023-22603
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	2157097
TreeView+	depends on / blocked

Reported:	2023-01-31 09:04 UTC by Dhananjay Arunesh
Modified:	2023-04-06 07:57 UTC (History)
CC List:	33 users (show)
Fixed In Version:	binutils 2.40
Doc Type:	No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed:	2023-02-06 07:07:18 UTC
Embargoed:

Attachments	(Terms of Use)

Description Dhananjay Arunesh 2023-01-31 09:04:30 UTC

A vulnerability was found in binutils where, objdump SEGV found in display_debug_lines_decoded in dwarf.c.

References:
https://sourceware.org/bugzilla/show_bug.cgi?id=29870
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f2f58a399cf3f946983398cdfe52d0eaa72bf877

Comment 1 Siddhesh Poyarekar 2023-01-31 11:20:12 UTC

objdump is a standalone binary.  This is not a security issue, it's just a regular crash so please reject the CVE.

Comment 3 Dhananjay Arunesh 2023-02-06 07:08:43 UTC

In reply to comment #1:
> objdump is a standalone binary.  This is not a security issue, it's just a
> regular crash so please reject the CVE.

CVE rejected.

Note You need to log in before you can comment on or make changes to this bug.

acrosby
ailan
bdettelb
caswilli
dffrench
dkuc
fjansen
fweimer
gdb-bugs
gzaronik
hbraun
hkataria
jburrell
jkoehler
jmitchel
jtanner
jwon
kaycoth
keiths
kshier
mcermak
micjohns
mnewsome
mpolacek
mprchlik
ngough
nickc
ohudlick
rgodfrey
rjones
sipoyare
sthirugn
virt-maint