CVE-2023-1972: Buffer Overflow

Q: What is the vulnerability ID?

The vulnerability ID is CVE-2023-1972.

Q: Where was the vulnerability found?

The vulnerability was found in _bfd_elf_slurp_version_tables() in bfd/elf.c.

Q: What is the impact of the vulnerability?

The vulnerability may lead to a heap-based buffer overflow, resulting in a loss of availability.

Q: What software is affected by the vulnerability?

The vulnerability affects GNU Binutils versions between 2.35 and 2.40.

Q: How severe is the vulnerability?

The vulnerability has a severity value of 6.5 (medium).

Published Apr 10, 2023

Updated

A potential heap based buffer overflow was found in bfdelfslurpversiontables() in bfd/elf.c. This may lead to loss of availability.

Other sources

Potential heap based buffer overflow found in bfdelfslurpversiontables() in bfd/elf.c.

References:

https://sourceware.org/git/?p=binutils-gdb.git;a=blobdiff;f=bfd/elf.c;h=185028cbd97ae0901c4276c8a4787b12bb75875a;hp=027d01437352555bc4ac0717cb0486c751a7775d;hb=c22d38baefc5a7a1e1f5cdc9dbb556b1f0ec5c57;hpb=f2f9bde5cde7ff34ed0a4c4682a211d402aa1086 https://sourceware.org/bugzilla/showbug.cgi?id=30285

— Red Hat

Affected Software

2 affected componentsFixes available

redhat/binutils<2.40

2.40

GNU binutils>=2.35<=2.40

Remediation

Patch Available

https://sourceware.org/bugzilla/show_bug.cgi?id=30285

Event History

May 17, 2023

CVE Published

via MITRE·12:00 AM

Data Sourced

via MITRE·12:00 AM

DescriptionWeakness

May 2, 2025

Data Sourced

via IBM·12:00 AM

DescriptionAffected Software

Parent advisories

This vulnerability appears in the following advisories.

IBM-7232197

Frequently Asked Questions

What is the vulnerability ID?

The vulnerability ID is CVE-2023-1972.

Where was the vulnerability found?