Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 866713 (CVE-2022-38128, CVE-2022-38533, CVE-2022-44840, CVE-2022-45703, CVE-2022-47673, CVE-2022-47695, CVE-2022-47696, CVE-2022-48063, CVE-2022-48064, CVE-2022-48065, CVE-2023-25584, CVE-2023-25585, CVE-2023-25586, CVE-2023-25588) - <sys-devel/binutils-2.40: multiple vulnerabilities
Summary: <sys-devel/binutils-2.40: multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2022-38128, CVE-2022-38533, CVE-2022-44840, CVE-2022-45703, CVE-2022-47673, CVE-2022-47695, CVE-2022-47696, CVE-2022-48063, CVE-2022-48064, CVE-2022-48065, CVE-2023-25584, CVE-2023-25585, CVE-2023-25586, CVE-2023-25588
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Gentoo Security
URL: https://sourceware.org/bugzilla/show_...
Whiteboard: A3 [cve glsa+]
Keywords:
Depends on:
Blocks:
 
Reported: 2022-08-26 15:46 UTC by John Helmert III
Modified: 2023-11-28 17:59 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-26 15:46:13 UTC
CVE-2022-38533:

In GNU Binutils before 2.4.0, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file.

It obviously means 2.40.
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-09-02 00:05:30 UTC
CVE-2022-38128 (https://sourceware.org/bugzilla/show_bug.cgi?id=29370):

An infinite loop may be triggered in display_debug_abbrev() function in binutils/dwarf.c while opening a crafted ELF, which may lead to denial of service by a local attacker.
Comment 2 Andreas K. Hüttel archtester gentoo-dev 2022-11-06 22:24:20 UTC
Fixed for 2.40, backport nontrivial
Comment 3 Andreas K. Hüttel archtester gentoo-dev 2023-08-24 20:47:53 UTC
All affected versions masked.
No cleanup (toolchain).
Comment 4 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-09-25 04:13:24 UTC
The patch for CVE-2022-38128:

~/git/binutils-gdb $ git tag --contains 695c6dfe
binutils-2_40
binutils-2_41
binutils-2_41-release
gdb-13-branchpoint
gdb-13.1-release
gdb-13.2-release
Comment 5 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-09-25 04:15:24 UTC
GLSA request filed.
Comment 6 Larry the Git Cow gentoo-dev 2023-09-30 07:44:32 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=14d1caba8122b70c39357e14ad41c672cd2cd81d

commit 14d1caba8122b70c39357e14ad41c672cd2cd81d
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-09-30 07:43:08 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2023-09-30 07:44:23 +0000

    [ GLSA 202309-15 ] GNU Binutils: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/866713
    Bug: https://bugs.gentoo.org/867937
    Bug: https://bugs.gentoo.org/903893
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202309-15.xml | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 50 insertions(+)
Comment 7 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-11-28 17:59:58 UTC
CVE-2023-25584 (https://bugzilla.redhat.com/show_bug.cgi?id=2167467):

An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils.

CVE-2023-25588 (https://sourceware.org/bugzilla/show_bug.cgi?id=29677):

A flaw was found in Binutils. The field `the_bfd` of `asymbol`struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of service.

CVE-2023-25586 (https://sourceware.org/bugzilla/show_bug.cgi?id=29855):

A flaw was found in Binutils. A logic fail in the bfd_init_section_decompress_status function may lead to the use of an uninitialized variable that can cause a crash and local denial of service.

CVE-2023-25585 (https://sourceware.org/bugzilla/show_bug.cgi?id=29892):

A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service.

CVE-2022-48065 (https://sourceware.org/bugzilla/show_bug.cgi?id=29925):

GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability var the function find_abstract_instance in dwarf2.c.

CVE-2022-44840 (https://sourceware.org/bugzilla/show_bug.cgi?id=29732):

Heap buffer overflow vulnerability in binutils readelf before 2.40 via function find_section_in_set in file readelf.c.

CVE-2022-45703 (https://sourceware.org/bugzilla/show_bug.cgi?id=29799):

Heap buffer overflow vulnerability in binutils readelf before 2.40 via function display_debug_section in file readelf.c.

CVE-2022-47673 (https://sourceware.org/bugzilla/show_bug.cgi?id=29876):

An issue was discovered in Binutils addr2line before 2.39.3, function parse_module contains multiple out of bound reads which may cause a denial of service or other unspecified impacts.

CVE-2022-47695 (https://sourceware.org/bugzilla/show_bug.cgi?id=29846):

An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function bfd_mach_o_get_synthetic_symtab in match-o.c.

CVE-2022-47696 (https://sourceware.org/bugzilla/show_bug.cgi?id=29677):

An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function compare_symbols.

CVE-2022-48063 (https://sourceware.org/bugzilla/show_bug.cgi?id=29924):

GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function load_separate_debug_files at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.

CVE-2022-48064 (https://sourceware.org/bugzilla/show_bug.cgi?id=29922):

GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.

All fixed in 2.40.