CVE-2023-1972
Publication date 12 April 2023
Last updated 26 August 2025
Ubuntu priority
Description
A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. This may lead to loss of availability.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| binutils | 24.04 LTS noble |
Fixed 2.40-2ubuntu6
|
| 22.04 LTS jammy |
Fixed 2.38-4ubuntu2.2
|
|
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty |
Not affected
|
|
| gdb | 24.04 LTS noble |
Not affected
|
| 22.04 LTS jammy |
Fixed 12.1-0ubuntu1~22.04.2
|
|
| 20.04 LTS focal |
Fixed 9.2-0ubuntu1~20.04.2
|
|
| 18.04 LTS bionic |
Fixed 8.1.1-0ubuntu1+esm1
|
|
| 16.04 LTS xenial |
Fixed 7.11.1-0ubuntu1~16.5+esm1
|
|
| 14.04 LTS trusty | Ignored end of standard support |
Get expanded security coverage with Ubuntu Pro
Reduce your average CVE exposure time from 98 days to 1 day with expanded CVE patching, ten-years security maintenance and optional support for the full stack of open-source applications. Free for personal use.
Get Ubuntu Pro 30-day free trialNotes
seth-arnold
binutils isn't safe for untrusted inputs.
mdeslaur
buffer over-read, likely just a crash when parsing a corrupted file, setting priority to low
Patch details
| Package | Patch details |
|---|---|
| binutils |
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
6.5 · Medium
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | Required |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | None |
| Availability impact | High |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-6101-1
- GNU binutils vulnerabilities
- 24 May 2023
Other references
- https://access.redhat.com/security/cve/CVE-2023-1972
- https://sourceware.org/git/?p=binutils-gdb.git;a=blobdiff;f=bfd/elf.c;h=185028cbd97ae0901c4276c8a4787b12bb75875a;hp=027d01437352555bc4ac0717cb0486c751a7775d;hb=c22d38baefc5a7a1e1f5cdc9dbb556b1f0ec5c57;hpb=f2f9bde5cde7ff34ed0a4c4682a211d402aa1086
- https://www.cve.org/CVERecord?id=CVE-2023-1972