Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2023-1972

Published: 12 April 2023

A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. This may lead to loss of availability.

Notes

AuthorNote
seth-arnold
binutils isn't safe for untrusted inputs.
mdeslaur
buffer over-read, likely just a crash when parsing a corrupted
file, setting priority to low

Priority

Low

Cvss 3 Severity Score

6.5

Score breakdown

Status

Package Release Status
binutils
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(code not present)
focal Not vulnerable
(code not present)
jammy
Released (2.38-4ubuntu2.2)
kinetic
Released (2.39-3ubuntu1.2)
trusty Not vulnerable
(code not rpesent)
upstream Needs triage

xenial Not vulnerable
(code not present)
lunar
Released (2.40-2ubuntu4.1)
mantic
Released (2.40-2ubuntu6)
Patches:
upstream: https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=c22d38baefc5a7a1e1f5cdc9dbb556b1f0ec5c57
gdb
Launchpad, Ubuntu, Debian
focal Needs triage

jammy Needs triage

lunar Ignored
(end of life, was needs-triage)
trusty Ignored
(end of standard support)
upstream Needs triage

xenial Needs triage

kinetic Ignored
(end of life, was needs-triage)
bionic Needs triage

mantic Needs triage

Severity score breakdown

Parameter Value
Base score 6.5
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Scope Unchanged
Confidentiality None
Integrity impact None
Availability impact High
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H