Bug 867937 (CVE-2022-35205, CVE-2022-35206, CVE-2022-38126, CVE-2022-38127, CVE-2022-47007, CVE-2022-47008, CVE-2022-47010, CVE-2022-47011)

Summary:	<sys-devel/binutils-2.39: multiple vulnerabilities
Product:	Gentoo Security	Reporter:	John Helmert III <ajak>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	normal
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:	A3 [glsa+]
Package list:		Runtime testing required:	---
Bug Depends on:	880101
Bug Blocks:

Description John Helmert III archtester

2022-09-02 00:04:52 UTC

CVE-2022-38126 (https://sourceware.org/bugzilla/show_bug.cgi?id=29289):

Assertion fail in the display_debug_names() function in binutils/dwarf.c may lead to program crash and denial of service.

CVE-2022-38127 (https://sourceware.org/bugzilla/show_bug.cgi?id=29290):

A NULL pointer dereference in the read_and_display_attr_value() function in binutils/dwarf.c may lead to program crash when parsing corrupt DWARF data.

Comment 1 John Helmert III archtester

2022-12-31 17:49:46 UTC

Please cleanup

Comment 2 Andreas K. Hüttel archtester

2023-08-25 15:49:00 UTC

All affected ebuilds masked.
No cleanup (toolchain).

Comment 3 Larry the Git Cow gentoo-dev

2023-09-30 07:44:34 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=14d1caba8122b70c39357e14ad41c672cd2cd81d

commit 14d1caba8122b70c39357e14ad41c672cd2cd81d
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-09-30 07:43:08 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2023-09-30 07:44:23 +0000

    [ GLSA 202309-15 ] GNU Binutils: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/866713
    Bug: https://bugs.gentoo.org/867937
    Bug: https://bugs.gentoo.org/903893
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202309-15.xml | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 50 insertions(+)

Comment 4 John Helmert III archtester

2023-11-28 17:57:27 UTC

CVE-2022-47007 (https://sourceware.org/bugzilla/show_bug.cgi?id=29254):

An issue was discovered function stab_demangle_v3_arg in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.

CVE-2022-47008 (https://sourceware.org/bugzilla/show_bug.cgi?id=29255%20):

An issue was discovered function make_tempdir, and make_tempname in bucomm.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.

CVE-2022-47010 (https://sourceware.org/bugzilla/show_bug.cgi?id=29262):

An issue was discovered function pr_function_type in prdbg.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.

CVE-2022-47011 (https://sourceware.org/bugzilla/show_bug.cgi?id=29261):

An issue was discovered function parse_stab_struct_fields in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.

CVE-2022-35205 (https://sourceware.org/bugzilla/show_bug.cgi?id=29289):

An issue was discovered in Binutils readelf 2.38.50, reachable assertion failure in function display_debug_names allows attackers to cause a denial of service.

CVE-2022-35206 (https://sourceware.org/bugzilla/show_bug.cgi?id=29290):

Null pointer dereference vulnerability in Binutils readelf 2.38.50 via function read_and_display_attr_value in file dwarf.c.

Fixed in 2.39.