Vulnerability Details : CVE-2023-1972

A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. This may lead to loss of availability.

Vulnerability category: OverflowMemory Corruption

Published 2023-05-17 22:15:11

Updated 2023-09-30 10:15:10

Source Red Hat, Inc.

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2023-1972

Probability of exploitation activity in the next 30 days: 0.05%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 15 % EPSS Score History EPSS FAQ

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H	2.8	3.6	nvd@nist.gov
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Assigned by: secalert@redhat.com (Secondary)
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

Assigned by: nvd@nist.gov (Primary)

https://sourceware.org/bugzilla/show_bug.cgi?id=30285

30285 – objdump heap-buffer-overflow in _bfd_elf_print_private_bfd_data() at /binutils-gdb/bfd/elf.c:1844 (SIGSEGV)
Issue Tracking;Patch;Third Party Advisory
https://security.gentoo.org/glsa/202309-15

GNU Binutils: Multiple Vulnerabilities (GLSA 202309-15) — Gentoo security

CVEs referencing this url
https://bugzilla.redhat.com/show_bug.cgi?id=2185646

2185646 – (CVE-2023-1972) CVE-2023-1972 binutils: Illegal memory access when an accessing a zer0-lengthverdef table
Issue Tracking

GNU » Binutils
Versions from including (>=) 2.35 and up to, including, (<=) 2.40
cpe:2.3:a:gnu:binutils:*:*:*:*:*:*:*:*
Matching versions