2185646 – (CVE-2023-1972) CVE-2023-1972 binutils: Illegal memory access when accessing a zer0-lengthverdef table

Bug 2185646 (CVE-2023-1972) - CVE-2023-1972 binutils: Illegal memory access when accessing a zer0-lengthverdef table

Summary: CVE-2023-1972 binutils: Illegal memory access when accessing a zer0-lengthver...

Keywords:
Status:	NEW
Alias:	CVE-2023-1972
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Nobody
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2186579 2186567 2186568 2186569 2186570 2186571 2186572 2186573 2186574 2186575 2186576 2186577 2186580 2186581 2186582 2186583 2186584 2186585 2186586 2186587 2186588 2186589 2186590 2186591
Blocks:	2185647
TreeView+	depends on / blocked

Reported:	2023-04-10 17:57 UTC by Pedro Sampaio
Modified:	2024-04-17 18:13 UTC (History)
CC List:	27 users (show)
Fixed In Version:	binutils 2.40
Doc Type:	If docs needed, set a value
Doc Text:	A potential heap-based buffer overflow was found in binutils in the _bfd_elf_slurp_version_tables() function in bfd/elf.c. This issue may lead to a loss of availability.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Pedro Sampaio 2023-04-10 17:57:30 UTC

Potential heap based buffer overflow found in _bfd_elf_slurp_version_tables() in bfd/elf.c.

References:

https://sourceware.org/git/?p=binutils-gdb.git;a=blobdiff;f=bfd/elf.c;h=185028cbd97ae0901c4276c8a4787b12bb75875a;hp=027d01437352555bc4ac0717cb0486c751a7775d;hb=c22d38baefc5a7a1e1f5cdc9dbb556b1f0ec5c57;hpb=f2f9bde5cde7ff34ed0a4c4682a211d402aa1086
https://sourceware.org/bugzilla/show_bug.cgi?id=30285

Comment 1 Nick Clifton 2023-04-11 13:06:44 UTC

Notes for people reviewing this CVE:

  1. It only affects programs that use the BFD library to load ELF symbol version information.
  2. It requires corrupt input in order to trigger the bug.
  3. If triggered the most that it can do is cause the program to terminate with a segmentation fault.  It will not cause the generation of corrupt output.

Comment 4 Marian Rehak 2023-04-13 18:26:57 UTC

Created binutils tracking bugs for this issue:

Affects: fedora-36 [bug 2186584]
Affects: fedora-37 [bug 2186586]
Affects: fedora-all [bug 2186579]


Created insight tracking bugs for this issue:

Affects: fedora-36 [bug 2186582]
Affects: fedora-37 [bug 2186587]


Created mingw-binutils tracking bugs for this issue:

Affects: fedora-36 [bug 2186583]
Affects: fedora-37 [bug 2186588]


Created radare2 tracking bugs for this issue:

Affects: epel-7 [bug 2186591]
Affects: epel-8 [bug 2186590]
Affects: fedora-36 [bug 2186580]
Affects: fedora-37 [bug 2186589]


Created rizin tracking bugs for this issue:

Affects: epel-8 [bug 2186585]
Affects: fedora-36 [bug 2186581]

Note You need to log in before you can comment on or make changes to this bug.

ailan
bdettelb
caswilli
dffrench
dkuc
fjansen
fweimer
gzaronik
hkataria
jburrell
jkoehler
jmitchel
jtanner
kaycoth
kshier
mcermak
micjohns
mpolacek
mprchlik
ngough
nickc
ohudlick
rgodfrey
rjones
sipoyare
sthirugn
virt-maint