Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-47008

Опубликовано: 16 июн. 2022
Источник: redhat
CVSS3: 5.5

Описание

An issue was discovered function make_tempdir, and make_tempname in bucomm.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.

A memory leak was found in binutils in the make_tempdir and make_tempname functions. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.

Отчет

The issue is classified as low severity primarily because binutils is not typically exposed to untrusted inputs in most environments, limiting its exploitation potential. The memory leak in bucomm.c only triggers during the parsing of malformed files, which would require an attacker to convince a user to process a malicious file. Moreover, binutils does not handle privileged operations, meaning exploitation is unlikely to lead to system compromise or escalation of privileges. Additionally, the impact is localized to the application itself, without affecting the broader system or network security.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6binutilsOut of support scope
Red Hat Enterprise Linux 7binutilsOut of support scope
Red Hat Enterprise Linux 7gdbOut of support scope
Red Hat Enterprise Linux 8binutilsWill not fix
Red Hat Enterprise Linux 8gcc-toolset-11-binutilsFix deferred
Red Hat Enterprise Linux 8gcc-toolset-11-gdbNot affected
Red Hat Enterprise Linux 8gcc-toolset-12-binutilsFix deferred
Red Hat Enterprise Linux 8gcc-toolset-12-gdbNot affected
Red Hat Enterprise Linux 8gcc-toolset-13-binutilsFix deferred
Red Hat Enterprise Linux 8gcc-toolset-13-gdbAffected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=2233984binutils: memory leak in make_tempdir() and make_tempname() in bucomm.c

5.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2022-47008

CVSS3: 5.5
ubuntu
почти 2 года назад

An issue was discovered function make_tempdir, and make_tempname in bucomm.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.

nvd логотип

CVE-2022-47008

CVSS3: 5.5
nvd
почти 2 года назад

An issue was discovered function make_tempdir, and make_tempname in bucomm.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.

msrc логотип

CVE-2022-47008

CVSS3: 5.5
msrc
6 месяцев назад

Описание отсутствует

debian логотип

CVE-2022-47008

CVSS3: 5.5
debian
почти 2 года назад

An issue was discovered function make_tempdir, and make_tempname in bu ...

github логотип

GHSA-7fpc-wx39-r8j5

CVSS3: 5.5
github
почти 2 года назад

An issue was discovered function make_tempdir, and make_tempname in bucomm.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.

5.5 Medium

CVSS3