CVE-2023-1579 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Binutils

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787 — Out-of-bounds Write8 documents7 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 83.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Binutils

Timeline

PublishedApr 3

Latest updateMay 24

Description

Heap based buffer overflow in binutils-gdb/bfd/libbfd.c in bfd_getl64.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶Debiangnu/binutils< 2.40-2+2

▶Ubuntugnu/binutils< 2.30-21ubuntu1~18.04.9+4

▶CVEListV5gnu/binutilsunknown

▶NVDgnu/binutils2.39

Patches

Patch: sourceware.org ↗Patch: sourceware.org ↗

🔴Vulnerability Details

OSV

binutils vulnerabilities↗2023-05-24

▶

GHSA

GHSA-7p63-jgg6-rgpv: Heap based buffer overflow in binutils-gdb/bfd/libbfd↗2023-04-04

▶

OSV

CVE-2023-1579: Heap based buffer overflow in binutils-gdb/bfd/libbfd↗2023-04-03

▶

CVEList

CVE-2023-1579: Heap based buffer overflow in binutils-gdb/bfd/libbfd↗2023-04-03

▶

📋Vendor Advisories

Ubuntu

GNU binutils vulnerabilities↗2023-05-24

▶

Red Hat

binutils: Heap-buffer-overflow binutils-gdb/bfd/libbfd.c in bfd_getl64↗2023-01-11

▶

Debian

CVE-2023-1579: binutils - Heap based buffer overflow in binutils-gdb/bfd/libbfd.c in bfd_getl64.↗2023

▶