exploitDog
CVE-2022-38533

Published: 13 Aug 2022
Source: redhat
CVSS3: 5.5
EPSS: Low

Description

In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file.

A vulnerability was found in the strip utility of binutils. If an attacker can convince a victim to process a specially crafted COFF file with the strip utility, a heap-based buffer overflow can occur, causing the utility to crash.

Statement

This issue is only triggered when a specially crafted COFF file is processed by the strip utility. The COFF file format is not used in Red Hat Enterprise Linux, the object file format used by default is ELF.

Mitigation

Do not process untrusted files with the strip utility.

Affected packages

Platform                       Package                    State
Red Hat Enterprise Linux 6     binutils                   Out of support scope
Red Hat Enterprise Linux 7     binutils                   Out of support scope
Red Hat Enterprise Linux 8     binutils                   Will not fix
Red Hat Enterprise Linux 8     gcc-toolset-10-binutils    Will not fix
Red Hat Enterprise Linux 8     gcc-toolset-11-binutils    Will not fix
Red Hat Enterprise Linux 8     gcc-toolset-12-binutils    Will not fix
Red Hat Enterprise Linux 9     binutils                   Fix deferred
Red Hat Enterprise Linux 9     gcc-toolset-12-binutils    Fix deferred

(The Recommendation and Release columns of the original table are empty for every row.)

Additional information

Status: Low
Defect: CWE-122
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=2124569
     binutils: heap-based buffer overflow in bfd_getl32() when called by strip_main() in objcopy.c via a crafted file

EPSS: 0.00029 (percentile 8%, Low)
CVSS3: 5.5 Medium

Related vulnerabilities

The same CVE is tracked by other sources, each with CVSS3 5.5, published more than 3 years ago: ubuntu, nvd, msrc, debian, github. All carry the same description:

In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file.
