CVE-2023-1972
Published: 12 April 2023
A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. This may lead to loss of availability.
Notes
| Author | Note |
|---|---|
| seth-arnold | binutils isn't safe for untrusted inputs. |
| mdeslaur | buffer over-read, likely just a crash when parsing a corrupted file, setting priority to low |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
binutils Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code not present)
|
| focal |
Not vulnerable
(code not present)
|
|
| jammy |
Released
(2.38-4ubuntu2.2)
|
|
| kinetic |
Released
(2.39-3ubuntu1.2)
|
|
| lunar |
Released
(2.40-2ubuntu4.1)
|
|
| trusty |
Not vulnerable
(code not rpesent)
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(code not present)
|
|
|
Patches: upstream: https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=c22d38baefc5a7a1e1f5cdc9dbb556b1f0ec5c57 |
||
|
gdb Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
| focal |
Needs triage
|
|
| jammy |
Needs triage
|
|
| kinetic |
Needs triage
|
|
| lunar |
Needs triage
|
|
| trusty |
Ignored
(out of standard support)
|
|
| upstream |
Needs triage
|
|
| xenial |
Needs triage
|
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 6.5 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | Required |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | None |
| Availability impact | High |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1972
- https://access.redhat.com/security/cve/CVE-2023-1972
- https://sourceware.org/git/?p=binutils-gdb.git;a=blobdiff;f=bfd/elf.c;h=185028cbd97ae0901c4276c8a4787b12bb75875a;hp=027d01437352555bc4ac0717cb0486c751a7775d;hb=c22d38baefc5a7a1e1f5cdc9dbb556b1f0ec5c57;hpb=f2f9bde5cde7ff34ed0a4c4682a211d402aa1086
- https://ubuntu.com/security/notices/USN-6101-1
- NVD
- Launchpad
- Debian