CVE-2016-2226

Published: 24 February 2017

Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.

Priority

CVSS 3 base score: 7.8

Status

Package	Release	Status
binutils Launchpad, Ubuntu, Debian	artful	Not vulnerable (2.28-3ubuntu1)
	bionic	Not vulnerable (2.28-3ubuntu1)
	cosmic	Not vulnerable (2.28-3ubuntu1)
	disco	Not vulnerable (2.28-3ubuntu1)
	eoan	Not vulnerable (2.28-3ubuntu1)
	focal	Not vulnerable (2.28-3ubuntu1)
	groovy	Not vulnerable (2.28-3ubuntu1)
	hirsute	Not vulnerable (2.28-3ubuntu1)
	impish	Not vulnerable (2.28-3ubuntu1)
	jammy	Not vulnerable (2.28-3ubuntu1)
	kinetic	Not vulnerable (2.28-3ubuntu1)
	precise	Ignored (end of ESM support, was needed)
	trusty	Needed
	upstream	Released (2.28)
	wily	Ignored (reached end-of-life)
	xenial	Released (2.26.1-1ubuntu1~16.04.8+esm1)
	yakkety	Ignored (reached end-of-life)
	zesty	Not vulnerable (2.28-3ubuntu1)
	Patches: upstream: https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=fa3fcee7b8c73070306ec358e730d1dfcac246bf
binutils-h8300-hms Launchpad, Ubuntu, Debian	artful	Ignored (reached end-of-life)
	bionic	Needed
	cosmic	Ignored (reached end-of-life)
	disco	Ignored (reached end-of-life)
	eoan	Ignored (reached end-of-life)
	focal	Needed
	groovy	Ignored (reached end-of-life)
	hirsute	Ignored (reached end-of-life)
	impish	Ignored (reached end-of-life)
	jammy	Needed
	kinetic	Needed
	precise	Does not exist (precise was needs-triage)
	trusty	Does not exist (trusty was needed)
	upstream	Needs triage
	wily	Ignored (reached end-of-life)
	xenial	Ignored (end of standard support, was needed)
	yakkety	Ignored (reached end-of-life)
	zesty	Ignored (reached end-of-life)
gcc-arm-none-eabi Launchpad, Ubuntu, Debian	artful	Ignored (reached end-of-life)
	bionic	Not vulnerable
	cosmic	Not vulnerable
	disco	Not vulnerable
	eoan	Not vulnerable
	focal	Not vulnerable
	groovy	Not vulnerable
	hirsute	Not vulnerable
	impish	Not vulnerable
	jammy	Not vulnerable
	kinetic	Not vulnerable
	precise	Does not exist
	trusty	Does not exist (trusty was needs-triage)
	upstream	Needs triage
	wily	Ignored (reached end-of-life)
	xenial	Ignored (end of standard support, was needed)
	yakkety	Ignored (reached end-of-life)
	zesty	Ignored (reached end-of-life)
gcc-h8300-hms Launchpad, Ubuntu, Debian	artful	Ignored (reached end-of-life)
	bionic	Needed
	cosmic	Ignored (reached end-of-life)
	disco	Ignored (reached end-of-life)
	eoan	Ignored (reached end-of-life)
	focal	Needed
	groovy	Ignored (reached end-of-life)
	hirsute	Ignored (reached end-of-life)
	impish	Ignored (reached end-of-life)
	jammy	Needed
	kinetic	Needed
	precise	Does not exist (precise was needed)
	trusty	Does not exist (trusty was needed)
	upstream	Needs triage
	wily	Ignored (reached end-of-life)
	xenial	Ignored (end of standard support, was needed)
	yakkety	Ignored (reached end-of-life)
	zesty	Ignored (reached end-of-life)
gccxml Launchpad, Ubuntu, Debian	artful	Does not exist
	bionic	Does not exist
	cosmic	Does not exist
	disco	Does not exist
	eoan	Does not exist
	focal	Does not exist
	groovy	Does not exist
	hirsute	Does not exist
	impish	Does not exist
	jammy	Does not exist
	kinetic	Does not exist
	precise	Does not exist (precise was needed)
	trusty	Does not exist (trusty was needed)
	upstream	Needs triage
	wily	Ignored (reached end-of-life)
	xenial	Ignored (end of standard support, was needed)
	yakkety	Does not exist
	zesty	Does not exist
gdb Launchpad, Ubuntu, Debian	artful	Not vulnerable (7.99.90.20170502-0ubuntu1)
	bionic	Not vulnerable (7.99.90.20170502-0ubuntu1)
	cosmic	Not vulnerable (7.99.90.20170502-0ubuntu1)
	disco	Not vulnerable (7.99.90.20170502-0ubuntu1)
	eoan	Not vulnerable (7.99.90.20170502-0ubuntu1)
	focal	Not vulnerable (7.99.90.20170502-0ubuntu1)
	groovy	Not vulnerable (7.99.90.20170502-0ubuntu1)
	hirsute	Not vulnerable (7.99.90.20170502-0ubuntu1)
	impish	Not vulnerable (7.99.90.20170502-0ubuntu1)
	jammy	Not vulnerable (7.99.90.20170502-0ubuntu1)
	kinetic	Not vulnerable (7.99.90.20170502-0ubuntu1)
	precise	Does not exist (precise was needed)
	trusty	Does not exist (trusty was released [7.7.1-0ubuntu5~14.04.3])
	upstream	Needs triage
	wily	Ignored (reached end-of-life)
	xenial	Released (7.11.1-0ubuntu1~16.5)
	yakkety	Not vulnerable (7.11.90.20161005-0ubuntu2)
	zesty	Not vulnerable (7.12.50.20170314-0ubuntu1)
ht Launchpad, Ubuntu, Debian	artful	Ignored (reached end-of-life)
	bionic	Not vulnerable (2.1.0+repack1-1)
	cosmic	Not vulnerable (2.1.0+repack1-1)
	disco	Not vulnerable (2.1.0+repack1-1)
	eoan	Not vulnerable (2.1.0+repack1-1)
	focal	Not vulnerable (2.1.0+repack1-1)
	groovy	Not vulnerable (2.1.0+repack1-1)
	hirsute	Not vulnerable (2.1.0+repack1-1)
	impish	Not vulnerable (2.1.0+repack1-1)
	jammy	Not vulnerable (2.1.0+repack1-1)
	kinetic	Not vulnerable (2.1.0+repack1-1)
	precise	Does not exist (precise was needed)
	trusty	Does not exist (trusty was needed)
	upstream	Needs triage
	wily	Ignored (reached end-of-life)
	xenial	Ignored (end of standard support, was needed)
	yakkety	Ignored (reached end-of-life)
	zesty	Ignored (reached end-of-life)
libiberty Launchpad, Ubuntu, Debian	artful	Not vulnerable (20161220-1)
	bionic	Not vulnerable (20161220-1)
	cosmic	Not vulnerable (20161220-1)
	disco	Not vulnerable (20161220-1)
	eoan	Not vulnerable (20161220-1)
	focal	Not vulnerable (20161220-1)
	groovy	Not vulnerable (20161220-1)
	hirsute	Not vulnerable (20161220-1)
	impish	Not vulnerable (20161220-1)
	jammy	Not vulnerable (20161220-1)
	kinetic	Not vulnerable (20161220-1)
	precise	Does not exist
	trusty	Does not exist (trusty was released [20131116-1ubuntu0.2])
	upstream	Needs triage
	wily	Ignored (reached end-of-life)
	xenial	Released (20160215-1ubuntu0.2)
	yakkety	Ignored (reached end-of-life)
	zesty	Not vulnerable (20161220-1)
	Patches: upstream: https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=234829 upstream: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=b8106f544a7fd485b6959ebd197bdd99a8884416
nescc Launchpad, Ubuntu, Debian	artful	Ignored (reached end-of-life)
	bionic	Needed
	cosmic	Ignored (reached end-of-life)
	disco	Ignored (reached end-of-life)
	eoan	Ignored (reached end-of-life)
	focal	Needed
	groovy	Ignored (reached end-of-life)
	hirsute	Ignored (reached end-of-life)
	impish	Ignored (reached end-of-life)
	jammy	Needed
	kinetic	Needed
	precise	Does not exist
	trusty	Does not exist (trusty was needed)
	upstream	Needs triage
	wily	Ignored (reached end-of-life)
	xenial	Ignored (end of standard support, was needed)
	yakkety	Ignored (reached end-of-life)
	zesty	Ignored (reached end-of-life)
sdcc Launchpad, Ubuntu, Debian	artful	Ignored (reached end-of-life)
	bionic	Needed
	cosmic	Ignored (reached end-of-life)
	disco	Not vulnerable
	eoan	Not vulnerable
	focal	Not vulnerable
	groovy	Not vulnerable
	hirsute	Not vulnerable
	impish	Not vulnerable
	jammy	Not vulnerable
	kinetic	Not vulnerable
	precise	Does not exist (precise was needs-triage)
	trusty	Does not exist (trusty was needed)
	upstream	Needs triage
	wily	Ignored (reached end-of-life)
	xenial	Ignored (end of standard support, was needed)
	yakkety	Ignored (reached end-of-life)
	zesty	Ignored (reached end-of-life)
valgrind Launchpad, Ubuntu, Debian	artful	Not vulnerable (1:3.12.0-1.1ubuntu1)
	bionic	Not vulnerable (1:3.12.0-1.1ubuntu1)
	cosmic	Not vulnerable (1:3.12.0-1.1ubuntu1)
	disco	Not vulnerable (1:3.12.0-1.1ubuntu1)
	eoan	Not vulnerable (1:3.12.0-1.1ubuntu1)
	focal	Not vulnerable (1:3.12.0-1.1ubuntu1)
	groovy	Not vulnerable (1:3.12.0-1.1ubuntu1)
	hirsute	Not vulnerable (1:3.12.0-1.1ubuntu1)
	impish	Not vulnerable (1:3.12.0-1.1ubuntu1)
	jammy	Not vulnerable (1:3.12.0-1.1ubuntu1)
	kinetic	Not vulnerable (1:3.12.0-1.1ubuntu1)
	precise	Does not exist (precise was needed)
	trusty	Does not exist (trusty was released [1:3.10.1-1ubuntu3~14.5])
	upstream	Needs triage
	wily	Ignored (reached end-of-life)
	xenial	Released (1:3.11.0-1ubuntu4.2)
	yakkety	Released (1:3.12.0~svn20160714-1ubuntu2.1)
	zesty	Not vulnerable (1:3.12.0-1ubuntu1)

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Security