Bug 2124569 (CVE-2022-38533) - CVE-2022-38533 binutils: heap-based buffer overflow in bfd_getl32() when called by strip_main() in objcopy.c via a crafted file
Keywords:
Status: NEW
Alias: CVE-2022-38533
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2124579 2124580 2124645 2124646 2124647 2124648 2124649 2124650 2124651 2124652 2124653 2124654 2124655
Blocks: 2122689
Reported: 2022-09-06 14:06 UTC by Guilherme de Almeida Suckevicz
Modified: 2022-12-12 18:22 UTC (History)

Fixed In Version: binutils 2.40
Doc Type: If docs needed, set a value
Doc Text:
A heap-based buffer overflow was found in the strip utility of binutils. An attacker who convinces a victim to process a specially crafted COFF file with strip can trigger the overflow, causing the utility to crash.
Clone Of:
Environment:
Last Closed:



Description Guilherme de Almeida Suckevicz 2022-09-06 14:06:34 UTC
In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file.

Reference:
https://sourceware.org/bugzilla/show_bug.cgi?id=29482

Comment 1 Guilherme de Almeida Suckevicz 2022-09-06 14:22:26 UTC
Created binutils tracking bugs for this issue:

Affects: fedora-all [bug 2124579]


Created mingw-binutils tracking bugs for this issue:

Affects: fedora-all [bug 2124580]

Comment 3 Guilherme de Almeida Suckevicz 2022-09-06 19:01:08 UTC
Upstream patch:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ef186fe54aa6d281a3ff8a9528417e5cc614c797

Comment 4 Nick Clifton 2022-09-07 11:46:44 UTC
Removing the Security flag because the problem is only triggered if the user is tricked into attempting to strip a corrupt COFF format file (a format not used by RHEL or Fedora), and all that happens is that the strip fails to complete.
