CVE-2023-1972
Published: 12 April 2023
A potential heap-based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. This may lead to loss of availability.
Notes
Author | Note |
---|---|
seth-arnold | binutils isn't safe for untrusted inputs. |
mdeslaur | buffer over-read, likely just a crash when parsing a corrupted file, setting priority to low |
Priority
Low
Status
Package | Release | Status |
---|---|---|
binutils (Launchpad, Ubuntu, Debian) | trusty | Not vulnerable (code not present) |
binutils | xenial | Not vulnerable (code not present) |
binutils | bionic | Not vulnerable (code not present) |
binutils | focal | Not vulnerable (code not present) |
binutils | jammy | Released (2.38-4ubuntu2.2) |
binutils | kinetic | Released (2.39-3ubuntu1.2) |
binutils | lunar | Released (2.40-2ubuntu4.1) |
binutils | upstream | Needs triage |
gdb (Launchpad, Ubuntu, Debian) | trusty | Ignored (end of standard support) |
gdb | xenial | Needs triage |
gdb | bionic | Needs triage |
gdb | focal | Needs triage |
gdb | jammy | Needs triage |
gdb | kinetic | Ignored (end of life, was needs-triage) |
gdb | lunar | Needs triage |
gdb | upstream | Needs triage |
Patches (binutils): upstream: https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=c22d38baefc5a7a1e1f5cdc9dbb556b1f0ec5c57
Severity score breakdown
Parameter | Value |
---|---|
Base score | 6.5 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Unchanged |
Confidentiality impact | None |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1972
- https://access.redhat.com/security/cve/CVE-2023-1972
- https://sourceware.org/git/?p=binutils-gdb.git;a=blobdiff;f=bfd/elf.c;h=185028cbd97ae0901c4276c8a4787b12bb75875a;hp=027d01437352555bc4ac0717cb0486c751a7775d;hb=c22d38baefc5a7a1e1f5cdc9dbb556b1f0ec5c57;hpb=f2f9bde5cde7ff34ed0a4c4682a211d402aa1086
- https://ubuntu.com/security/notices/USN-6101-1
- NVD
- Launchpad
- Debian