Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-44840

Опубликовано: 30 окт. 2022
Источник: redhat
CVSS3: 7.8
EPSS Низкий

Описание

Heap buffer overflow vulnerability in binutils readelf before 2.40 via function find_section_in_set in file readelf.c.

A heap-based buffer overflow vulnerability was found in binutils in the find_section_in_set function. This flaw allows an attacker to use a specially crafted payload to trigger a buffer overflow, resulting in issues with availability, confidentiality, and integrity.

Отчет

The issue is classified as low severity primarily because binutils is not typically exposed to untrusted inputs in our environments, limiting its exploitation potential. The buffer overflow in find_section_in_set() only triggers during the parsing of malformed ELF files, which would require an attacker to convince a user to process a malicious ELF file with readelf. Moreover, binutils does not handle privileged operations, meaning exploitation is unlikely to lead to system compromise or escalation of privileges. Additionally, the impact is localized to the application itself, without affecting the broader system or network security.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6binutilsOut of support scope
Red Hat Enterprise Linux 7binutilsOut of support scope
Red Hat Enterprise Linux 7gdbOut of support scope
Red Hat Enterprise Linux 8binutilsWill not fix
Red Hat Enterprise Linux 8gcc-toolset-11-binutilsFix deferred
Red Hat Enterprise Linux 8gcc-toolset-11-gdbNot affected
Red Hat Enterprise Linux 8gcc-toolset-12-binutilsFix deferred
Red Hat Enterprise Linux 8gcc-toolset-12-gdbNot affected
Red Hat Enterprise Linux 8gcc-toolset-13-binutilsFix deferred
Red Hat Enterprise Linux 8gcc-toolset-13-gdbAffected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-122
https://bugzilla.redhat.com/show_bug.cgi?id=2234004binutils: heap-based buffer overflow in find_section_in_set() in readelf.c

EPSS

Процентиль: 5%
0.00021
Низкий

7.8 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2022-44840

CVSS3: 7.8
ubuntu
больше 2 лет назад

Heap buffer overflow vulnerability in binutils readelf before 2.40 via function find_section_in_set in file readelf.c.

nvd логотип

CVE-2022-44840

CVSS3: 7.8
nvd
больше 2 лет назад

Heap buffer overflow vulnerability in binutils readelf before 2.40 via function find_section_in_set in file readelf.c.

debian логотип

CVE-2022-44840

CVSS3: 7.8
debian
больше 2 лет назад

Heap buffer overflow vulnerability in binutils readelf before 2.40 via ...

github логотип

GHSA-6hf6-4792-jww6

CVSS3: 7.8
github
больше 2 лет назад

Heap buffer overflow vulnerability in binutils readelf before 2.40 via function find_section_in_set in file readelf.c.

fstec логотип

BDU:2023-05852

CVSS3: 7.8
fstec
больше 3 лет назад

Уязвимость функции find_section_in_set() (readelf.c) программного средства разработки GNU Binutils, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании

EPSS

Процентиль: 5%
0.00021
Низкий

7.8 High

CVSS3