2234012 – (CVE-2022-45703) CVE-2022-45703 binutils: heap-based buffer overflow in display_debug_section() in readelf.c

Bug 2234012 (CVE-2022-45703) - CVE-2022-45703 binutils: heap-based buffer overflow in display_debug_section() in readelf.c

Summary: CVE-2022-45703 binutils: heap-based buffer overflow in display_debug_section(...

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2022-45703
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2234014 2234015 2234016 2234270 2234271 2234272 2234273 2234274 2234275 2234276 2234277 2234278 2234279 2234280 2234281 2234282 2234283 2234284
Blocks:	2233947
TreeView+	depends on / blocked

Reported:	2023-08-23 21:17 UTC by Guilherme de Almeida Suckevicz
Modified:	2023-11-14 11:28 UTC (History)
CC List:	29 users (show)
Fixed In Version:
Doc Type:	No Doc Update
Doc Text:	A heap-based buffer overflow vulnerability was found in display_debug_section in binutils-2.40. An attacker using a specially crafted payload to trigger a buffer overflow resulting in damage to availability, confidentiality and integrity.
Clone Of:
Environment:
Last Closed:	2023-11-09 09:18:35 UTC
Embargoed:

Attachments	(Terms of Use)

Description Guilherme de Almeida Suckevicz 2023-08-23 21:17:57 UTC

Heap buffer overflow vulnerability in binutils readelf before 2.40 via function display_debug_section in file readelf.c.

Reference:
https://sourceware.org/bugzilla/show_bug.cgi?id=29799

Comment 1 Guilherme de Almeida Suckevicz 2023-08-23 21:22:39 UTC

Created binutils tracking bugs for this issue:

Affects: fedora-all [bug 2234014]


Created gdb tracking bugs for this issue:

Affects: fedora-all [bug 2234015]


Created mingw-binutils tracking bugs for this issue:

Affects: fedora-all [bug 2234016]

Comment 4 Nick Clifton 2023-08-24 12:55:35 UTC

(In reply to Guilherme de Almeida Suckevicz from comment #0)
> Heap buffer overflow vulnerability in binutils readelf before 2.40 via
> function display_debug_section in file readelf.c.

The SECURITY.txt file found in the upstream GNU Binutils sources makes it clear that bug in inspection tools like readelf are not considered to be security issues, and hence do not qualify for CVE treatment.

Note You need to log in before you can comment on or make changes to this bug.

acrosby
ailan
bdettelb
caswilli
desktop-qa-list
fjansen
fweimer
gdb-bugs
hkataria
jburrell
jmitchel
jsamir
jsherril
jtanner
kaycoth
keiths
kshier
mcermak
mpolacek
mprchlik
nickc
ohudlick
psegedy
rjones
sipoyare
sthirugn
tsasak
virt-maint
vkrizan