CVE-2023-1972: Buffer Overflow
First published: Mon Apr 10 2023(Updated: )
A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. This may lead to loss of availability.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GNU Binutils | >=2.35<=2.40 | |
| redhat/binutils | <2.40 | 2.40 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=2185646
- https://security.gentoo.org/glsa/202309-15
- https://sourceware.org/bugzilla/show_bug.cgi?id=30285
- https://sourceware.org/git/?p=binutils-gdb.git;a=blobdiff;f=bfd/elf.c;h=185028cbd97ae0901c4276c8a4787b12bb75875a;hp=027d01437352555bc4ac0717cb0486c751a7775d;hb=c22d38baefc5a7a1e1f5cdc9dbb556b1f0ec5c57;hpb=f2f9bde5cde7ff34ed0a4c4682a211d402aa1086
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2186584
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2186586
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2186579
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2186582
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2186587
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2186583
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2186588
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2186591
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2186590
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2186580
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2186589
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2186585
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2186581
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2023-1972.
Where was the vulnerability found?
The vulnerability was found in _bfd_elf_slurp_version_tables() in bfd/elf.c.
What is the impact of the vulnerability?
The vulnerability may lead to a heap-based buffer overflow, resulting in a loss of availability.
What software is affected by the vulnerability?
The vulnerability affects GNU Binutils versions between 2.35 and 2.40.
How severe is the vulnerability?
The vulnerability has a severity value of 6.5 (medium).
- collector/nvd-api
- collector/nvd-index
- agent/author
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/remedy
- agent/weakness
- agent/last-modified-date
- agent/references
- agent/event
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2023-1972
- agent/software-canonical-lookup
- agent/softwarecombine
- agent/tags
- vendor/gnu
- canonical/gnu binutils
- version/gnu binutils/2.35
- version/gnu binutils/2.40
- package-manager/redhat