Bugzilla – Bug 1193929
VUL-1: CVE-2021-45078: binutils: out-of-bounds write in stab_xcoff_builtin_type() in stabs.c
Last modified: 2022-09-12 08:33:08 UTC
stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699.
Also affected on openSUSE:
This issue is one of the normal fuzzing pseudo-CVEs of binutils. We don't do
active fixes for these; instead they will be fixed as part of the annual toolchain
update by a binutils version update. The next one is due in autumn 2022.
We don't fix these for SLE-11 anymore.
Background: to actually be affected by this problem (which is simply a normal bug
processing invalid input) in any security-relevant
setting, someone would need to feed random content from an outsider in an
uncontrolled fashion to some command line tools of binutils. It only has a CVE
entry because the fuzzers like to collect such numbers and because no one is
disputing these CVEs.
So, officially in progress, but there won't be anything done except the binutils
version update later this year.
could you provide a more accurate deadline about this update and which codestreams will receive such a version update? Since we consider this security bug important, we want to have this fixed on all the codestreams Carlos mentioned in comment 1.
see his email on security-team.
SUSE:SLE-12:Update and SUSE:SLE-15:Update currently receive yearly version updates.
(In reply to Gianluca Gabrielli from comment #4)
> could you provide a more accurate deadline about this update
Not really, no. If we extrapolate from the past it will occur between
October and December 2022.
> and which codestreams will receive such a version update?
SLE-12 and SLE-15.
> Since we consider this security bug important,
Based on which criteria is this considered important, and by whom? I certainly
don't consider it important, based on the attack vector and how the setup must
be for that attack vector to be applicable.
> we want to have this fixed on all the codestreams
> Carlos mentioned in comment 1.
Created attachment 859957
valgrind objdump -g oob_write
should NOT report "Invalid write of size 8"
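The regression check that the attachment comment above describes (run `objdump -g` on the sample under valgrind and confirm that no "Invalid write of size 8" is reported), written out as an added example. This is not code from the bug report or from binutils. It assumes `valgrind` and `objdump` are on PATH and that the caller supplies the input file; the `oob_write` attachment from this bug is not reproduced here. It goes slightly beyond the one-line check in the comment: it parses the whole valgrind log, counts invalid writes and names the function in the first frame of the first one, so the same helper can gate a test run over any input.

```bash
#!/bin/sh
# Added example for this bug report; not code from the report or from binutils.
# Assumes valgrind and objdump are on PATH. The file to test is supplied by the
# caller; the oob_write attachment from the bug is not reproduced here.

# Summarise a valgrind log ($1): prints "<invalid-write count> <function in the
# first frame of the first Invalid write>", or "0 -" if the log is clean.
valgrind_summary() {
    awk '
        /^==[0-9]+== Invalid write of size/ { writes++; want = 1; next }
        want && /^==[0-9]+== +at 0x/ {
            # frame line: "==PID==    at 0xADDR: function (file:line)"
            if (first == "") first = $4
            want = 0
        }
        END { printf "%d %s\n", writes + 0, (first == "" ? "-" : first) }
    ' "$1"
}

# Exit status 0 when the log shows no invalid write, 1 otherwise.
check_clean() {
    set -- $(valgrind_summary "$1")
    [ "$1" -eq 0 ]
}

# Run objdump -g on the given input under valgrind, keep the log, and report.
# A fixed binutils must produce no "Invalid write of size 8" here.
run_objdump_check() {
    log=$(mktemp) || return 2
    valgrind --log-file="$log" objdump -g "$1" >/dev/null 2>&1
    summary=$(valgrind_summary "$log")
    if check_clean "$log"; then
        echo "clean: $1 ($summary)"
        rm -f "$log"
        return 0
    fi
    echo "FAIL: valgrind reported invalid writes for $1: $summary (log: $log)" >&2
    return 1
}

# Usage: sh this_script.sh <file>   (runs only when an argument is given)
if [ $# -eq 1 ]; then
    run_objdump_check "$1"
fi
```

`check_clean` is the piece worth wiring into a package test: it exits non-zero as soon as valgrind flags any out-of-bounds write, regardless of whether `objdump` itself crashed, so a build that still carries the bad bounds check fails the test even when the overflow happens not to be fatal.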
*** Bug 1202864 has been marked as a duplicate of this bug. ***