Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2023-1972

Published: 12 April 2023

A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. This may lead to loss of availability.

Notes

AuthorNote
seth-arnold 
binutils isn't safe for untrusted inputs.
mdeslaur 
buffer over-read, likely just a crash when parsing a corrupted
file, setting priority to low

Priority

Low

Cvss 3 Severity Score

6.5

Score breakdown

Status

Package Release Status
binutils
Launchpad, Ubuntu, Debian 		bionic Not vulnerable
(code not present)
focal Not vulnerable
(code not present)
jammy
Released (2.38-4ubuntu2.2)
kinetic
Released (2.39-3ubuntu1.2)
trusty Not vulnerable
(code not rpesent)
upstream Needs triage

xenial Not vulnerable
(code not present)
lunar
Released (2.40-2ubuntu4.1)
Patches:
upstream: https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=c22d38baefc5a7a1e1f5cdc9dbb556b1f0ec5c57
gdb
Launchpad, Ubuntu, Debian 		focal Needs triage

jammy Needs triage

kinetic Ignored
(end of life, was needs-triage)
lunar Needs triage

trusty Ignored
(end of standard support)
upstream Needs triage

xenial Needs triage

bionic Needs triage

Severity score breakdown

Parameter Value
Base score 6.5
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Scope Unchanged
Confidentiality None
Integrity impact None
Availability impact High
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading