Bug 1483583 (CVE-2017-12459) - CVE-2017-12459 binutils: out of bounds heap write in bfd_mach_o_read_symtab_strtab function
Summary: CVE-2017-12459 binutils: out of bounds heap write in bfd_mach_o_read_symtab_s...
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2017-12459
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1483603 1483605 1483604
Blocks: 1483587
 
Reported: 2017-08-21 12:44 UTC by Adam Mariš
Modified: 2019-09-29 14:19 UTC
12 users

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-09-22 12:53:42 UTC



Description Adam Mariš 2017-08-21 12:44:15 UTC
The bfd_mach_o_read_symtab_strtab function in bfd/mach-o.c in the
Binary File Descriptor (BFD) library (aka libbfd), as distributed in
GNU Binutils 2.29 and earlier, allows remote attackers to cause an out
of bounds heap write and possibly achieve code execution via a crafted
mach-o file.

Upstream bug:

https://sourceware.org/bugzilla/show_bug.cgi?id=21840

Upstream patch:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8bdf0be19d2777565a8b1c88347f65d6a4b8c5fc
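The description above reports a heap write past bounds while libbfd reads a Mach-O symbol/string table. The upstream patch linked above is the authoritative fix; the code below is an added illustration, not libbfd's code and not the upstream patch, of the kind of bounds validation a Mach-O parser needs before it trusts LC_SYMTAB fields from an untrusted file. It assumes the public LC_SYMTAB layout (symoff, nsyms, stroff, strsize), 64-bit nlist entries whose first field is n_strx, and a little-endian host; the sample file bytes are constructed here, not taken from any real binary.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
#include <string.h>
#include <stdio.h>

/* Fields of a Mach-O LC_SYMTAB load command as stored in the file.
 * Public Mach-O layout; these are not libbfd's internal structures. */
struct symtab_cmd {
    uint32_t symoff;   /* file offset of the nlist symbol table */
    uint32_t nsyms;    /* number of nlist entries */
    uint32_t stroff;   /* file offset of the string table */
    uint32_t strsize;  /* size of the string table in bytes */
};

#define NLIST64_SIZE 16u   /* a 64-bit nlist entry; n_strx is its first 4 bytes */

/* True when [off, off+len) lies inside a file of file_size bytes. 64-bit
 * arithmetic so a huge off or len cannot wrap around to a small sum. */
static bool range_in_file(uint32_t off, uint32_t len, size_t file_size)
{
    return (uint64_t)off + (uint64_t)len <= (uint64_t)file_size;
}

/* Validate both tables before touching any of their bytes. */
bool symtab_ranges_ok(const struct symtab_cmd *cmd, size_t file_size)
{
    uint64_t symbytes = (uint64_t)cmd->nsyms * NLIST64_SIZE;
    if (symbytes > UINT32_MAX)
        return false;
    return range_in_file(cmd->stroff, cmd->strsize, file_size)
        && range_in_file(cmd->symoff, (uint32_t)symbytes, file_size);
}

/* Copy the name of symbol i into out (NUL terminated). Fails, writing nothing
 * past out_len, when the tables are out of range, i is out of range, n_strx
 * points outside the string table, or the name has no NUL inside the table. */
bool symbol_name(const uint8_t *file, size_t file_size,
                 const struct symtab_cmd *cmd, uint32_t i,
                 char *out, size_t out_len)
{
    if (out_len == 0 || !symtab_ranges_ok(cmd, file_size) || i >= cmd->nsyms)
        return false;
    uint32_t n_strx;
    memcpy(&n_strx, file + cmd->symoff + (size_t)i * NLIST64_SIZE, sizeof n_strx);
    if (n_strx >= cmd->strsize)            /* index must fall inside the table */
        return false;
    const char *strtab = (const char *)file + cmd->stroff;
    size_t avail = cmd->strsize - n_strx;  /* bytes from n_strx to table end */
    size_t n = 0;
    while (n < avail && strtab[n_strx + n] != '\0') {
        if (n >= out_len - 1)              /* name would not fit with its NUL */
            return false;
        out[n] = strtab[n_strx + n];
        n++;
    }
    if (n == avail)                        /* ran off the table without a NUL */
        return false;
    out[n] = '\0';
    return true;
}

/* Constructed sample: two nlist entries at offset 0, then a 12-byte string
 * table "\0_main\0_foo\0" at offset 32. Hypothetical, not a real binary. */
static size_t build_sample(uint8_t *buf, struct symtab_cmd *cmd)
{
    static const char strtab[12] = "\0_main\0_foo";
    uint32_t strx0 = 1, strx1 = 7;          /* little-endian host assumed */
    memset(buf, 0, 44);
    memcpy(buf + 0, &strx0, 4);
    memcpy(buf + 16, &strx1, 4);
    memcpy(buf + 32, strtab, 12);
    cmd->symoff = 0; cmd->nsyms = 2; cmd->stroff = 32; cmd->strsize = 12;
    return 44;
}

/* Well-formed input: symbol 1 resolves to "_foo". Returns 1 on success. */
int demo_well_formed(void)
{
    uint8_t buf[64]; struct symtab_cmd cmd; char name[16];
    size_t sz = build_sample(buf, &cmd);
    return symbol_name(buf, sz, &cmd, 1, name, sizeof name)
        && strcmp(name, "_foo") == 0;
}

/* Tampered n_strx far beyond strsize: the lookup is refused before any read. */
int demo_crafted_strx(void)
{
    uint8_t buf[64]; struct symtab_cmd cmd; char name[16];
    size_t sz = build_sample(buf, &cmd);
    uint32_t bad = 0x7fffffffu;
    memcpy(buf + 16, &bad, 4);             /* overwrite entry 1's n_strx */
    return !symbol_name(buf, sz, &cmd, 1, name, sizeof name);
}

/* Tampered strsize that runs past the end of the file: rejected up front. */
int demo_crafted_strsize(void)
{
    uint8_t buf[64]; struct symtab_cmd cmd;
    size_t sz = build_sample(buf, &cmd);
    cmd.strsize = 0xffffffffu;             /* 32-bit stroff+strsize would wrap */
    return !symtab_ranges_ok(&cmd, sz);
}

int main(void)
{
    printf("well-formed: %d, bad n_strx: %d, bad strsize: %d\n",
           demo_well_formed(), demo_crafted_strx(), demo_crafted_strsize());
    return 0;
}
```

The two properties worth noting are that every range check is done in 64-bit arithmetic so that attacker-chosen 32-bit offsets and sizes cannot wrap, and that the validation happens before any byte of either table is read, so a rejected file causes no memory access at all rather than a partial one.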

Comment 1 Adam Mariš 2017-08-21 13:14:23 UTC
Created binutils tracking bugs for this issue:

Affects: fedora-all [bug 1483604]


Created mingw-binutils tracking bugs for this issue:

Affects: epel-all [bug 1483603]
Affects: fedora-all [bug 1483605]

Comment 2 Pedro Yóssis Silva Barbosa 2017-09-22 12:53:42 UTC
The issues did not affect Red Hat Enterprise Linux 5, 6, 7 and devtools 4, 6 and 7.
Red Hat does not ship binutils compiled with the --enable-targets=all configuration. Therefore, the Product Security Team was not able to reproduce the issues.

