Bug 1435244 (CVE-2017-7223) - CVE-2017-7223 binutils: Global buffer overflow when attempting to unget EOF character
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2017-7223
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1435307 1435308 1435309
Blocks:
Reported: 2017-03-23 12:55 UTC by Adam Mariš
Modified: 2019-09-29 14:08 UTC

Fixed In Version:
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-06-08 03:09:27 UTC

Description Adam Mariš 2017-03-23 12:55:58 UTC
GNU assembler in GNU Binutils 2.27 is vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream, potentially leading to a program crash.

Upstream bug:

https://sourceware.org/bugzilla/show_bug.cgi?id=20898

Upstream patch:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=69ace2200106348a1b00d509a6a234337c104c17

Comment 1 Nick Clifton 2017-03-23 13:08:59 UTC
(In reply to Adam Mariš from comment #0)
> GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow

I think that you mean GNU Binutils 2.27.  The bug is fixed in 2.28...

Comment 2 Adam Mariš 2017-03-23 14:13:52 UTC
Created binutils tracking bugs for this issue:

Affects: fedora-all [bug 1435308]


Created mingw-binutils tracking bugs for this issue:

Affects: epel-all [bug 1435309]
Affects: fedora-all [bug 1435307]

Comment 3 Adam Mariš 2017-03-24 13:49:13 UTC
(In reply to Nick Clifton from comment #1)
> (In reply to Adam Mariš from comment #0)
> > GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow
> 
> I think that you mean GNU Binutils 2.27.  The bug is fixed in 2.28...

I took this description from MITRE, and the version in which the bug was found is set to 2.28 in the upstream bug as well.

I'll change it, thanks.
