CVE-2016-2226

Published: 24 February 2017

Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.

Priority

Low

CVSS 3 base score: 7.8

Status

Package Release Status

binutils
Upstream Released (2.28)
Ubuntu 20.10 (Groovy Gorilla) Not vulnerable (2.28-3ubuntu1)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable (2.28-3ubuntu1)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable (2.28-3ubuntu1)
Ubuntu 16.04 LTS (Xenial Xerus) Needed
Ubuntu 14.04 ESM (Trusty Tahr) Needed
Patches:
Upstream: https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=fa3fcee7b8c73070306ec358e730d1dfcac246bf

binutils-h8300-hms
Upstream Needs triage
Ubuntu 20.10 (Groovy Gorilla) Needed
Ubuntu 20.04 LTS (Focal Fossa) Needed
Ubuntu 18.04 LTS (Bionic Beaver) Needed
Ubuntu 16.04 LTS (Xenial Xerus) Needed
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist (trusty was needed)

gcc-arm-none-eabi
Upstream Needs triage
Ubuntu 20.10 (Groovy Gorilla) Not vulnerable
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
Ubuntu 16.04 LTS (Xenial Xerus) Needed
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist (trusty was needs-triage)

gcc-h8300-hms
Upstream Needs triage
Ubuntu 20.10 (Groovy Gorilla) Needed
Ubuntu 20.04 LTS (Focal Fossa) Needed
Ubuntu 18.04 LTS (Bionic Beaver) Needed
Ubuntu 16.04 LTS (Xenial Xerus) Needed
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist (trusty was needed)

gccxml
Upstream Needs triage
Ubuntu 20.10 (Groovy Gorilla) Does not exist
Ubuntu 20.04 LTS (Focal Fossa) Does not exist
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist
Ubuntu 16.04 LTS (Xenial Xerus) Needed
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist (trusty was needed)

gdb
Upstream Needs triage
Ubuntu 20.10 (Groovy Gorilla) Not vulnerable (7.99.90.20170502-0ubuntu1)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable (7.99.90.20170502-0ubuntu1)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable (7.99.90.20170502-0ubuntu1)
Ubuntu 16.04 LTS (Xenial Xerus) Released (7.11.1-0ubuntu1~16.5)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist (trusty was released [7.7.1-0ubuntu5~14.04.3])

ht
Upstream Needs triage
Ubuntu 20.10 (Groovy Gorilla) Not vulnerable (2.1.0+repack1-1)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable (2.1.0+repack1-1)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable (2.1.0+repack1-1)
Ubuntu 16.04 LTS (Xenial Xerus) Needed
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist (trusty was needed)

libiberty
Upstream Needs triage
Ubuntu 20.10 (Groovy Gorilla) Not vulnerable (20161220-1)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable (20161220-1)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable (20161220-1)
Ubuntu 16.04 LTS (Xenial Xerus) Released (20160215-1ubuntu0.2)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist (trusty was released [20131116-1ubuntu0.2])
Patches:
Upstream: https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=234829
Upstream: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=b8106f544a7fd485b6959ebd197bdd99a8884416

nescc
Upstream Needs triage
Ubuntu 20.10 (Groovy Gorilla) Needed
Ubuntu 20.04 LTS (Focal Fossa) Needed
Ubuntu 18.04 LTS (Bionic Beaver) Needed
Ubuntu 16.04 LTS (Xenial Xerus) Needed
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist (trusty was needed)

sdcc
Upstream Needs triage
Ubuntu 20.10 (Groovy Gorilla) Not vulnerable
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
Ubuntu 18.04 LTS (Bionic Beaver) Needed
Ubuntu 16.04 LTS (Xenial Xerus) Needed
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist (trusty was needed)

valgrind
Upstream Needs triage
Ubuntu 20.10 (Groovy Gorilla) Not vulnerable (1:3.12.0-1.1ubuntu1)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable (1:3.12.0-1.1ubuntu1)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable (1:3.12.0-1.1ubuntu1)
Ubuntu 16.04 LTS (Xenial Xerus) Released (1:3.11.0-1ubuntu4.2)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist (trusty was released [1:3.10.1-1ubuntu3~14.5])