Описание
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. a heap-based buffer over-read in bfd_getl32 in libbfd.c allows an attacker to cause a denial of service through a crafted PE file. This vulnerability can be triggered by the executable objdump.
Отчет
This issue is classified with a low severity primarily because binutils is not typically exposed to untrusted inputs in most environments, limiting the possibility of exploitation. Additionally, this heap-based buffer over-read is only triggered during the parsing of a specially crafted file, requiring an attacker to convince a user to process this file with objdump. Furthermore, binutils does not handle privileged operations, meaning that exploitation is unlikely to lead to system compromise or escalation of privileges. Also, the impact is limited to the application itself, without affecting the broader system or network security.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | binutils | Out of support scope | ||
| Red Hat Enterprise Linux 5 | binutils220 | Out of support scope | ||
| Red Hat Enterprise Linux 6 | binutils | Out of support scope | ||
| Red Hat Enterprise Linux 7 | binutils | Will not fix | ||
| Red Hat Enterprise Linux 8 | binutils | Will not fix | ||
| Red Hat Enterprise Linux 8 | mingw-binutils | Will not fix |
Показывать по
Дополнительная информация
Статус:
EPSS
3.3 Low
CVSS3
Связанные уязвимости
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. a heap-based buffer over-read in bfd_getl32 in libbfd.c allows an attacker to cause a denial of service through a crafted PE file. This vulnerability can be triggered by the executable objdump.
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. a heap-based buffer over-read in bfd_getl32 in libbfd.c allows an attacker to cause a denial of service through a crafted PE file. This vulnerability can be triggered by the executable objdump.
An issue was discovered in the Binary File Descriptor (BFD) library (a ...
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. a heap-based buffer over-read in bfd_getl32 in libbfd.c allows an attacker to cause a denial of service through a crafted PE file. This vulnerability can be triggered by the executable objdump.
Уязвимость функции bfd_getl32 компонента libbfd.c программного средства разработки GNU Binutils, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
3.3 Low
CVSS3