908087 – (CVE-2023-1972) <sys-devel/binutils-2.41 : heap buffer overread

Bug 908087 (CVE-2023-1972) - <sys-devel/binutils-2.41 : heap buffer overread

Summary: <sys-devel/binutils-2.41 : heap buffer overread

Status:	RESOLVED FIXED

Alias:	CVE-2023-1972

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor
Assignee:	Gentoo Security

URL:
Whiteboard:	B3 [noglsa]
Keywords:

Depends on:
Blocks:

Reported:	2023-06-09 04:38 UTC by John Helmert III
Modified:	2024-10-05 08:10 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description John Helmert III archtester

2023-06-09 04:38:57 UTC

CVE-2023-1972 (https://sourceware.org/bugzilla/show_bug.cgi?id=30285):

A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. This may lead to loss of availability.

Patch is: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c22d38baefc5a7a1e1f5cdc9dbb556b1f0ec5c57

Comment 1 Larry the Git Cow gentoo-dev

2024-10-04 12:32:52 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b73103f94b4587a84a752a6d21a6de12f4ac1ab6

commit b73103f94b4587a84a752a6d21a6de12f4ac1ab6
Author:     Andreas K. Hüttel <dilfridge@gentoo.org>
AuthorDate: 2024-10-04 12:32:00 +0000
Commit:     Andreas K. Hüttel <dilfridge@gentoo.org>
CommitDate: 2024-10-04 12:32:00 +0000

    package.mask: Update binutils mask to <2.42
    
    Bug: https://bugs.gentoo.org/908087
    Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>

 profiles/package.mask | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

Comment 2 Hans de Graaff gentoo-dev

2024-10-05 08:10:40 UTC

noglsa as discussed with dilfridge on #gentoo-security.