Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2023-25585

Опубликовано: 12 дек. 2022
Источник: redhat
CVSS3: 4.7

Описание

A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service.

Отчет

This issue is classified with a low severity primarily because binutils is not typically exposed to untrusted inputs in most environments, limiting the possibility of exploitation. Additionally, this out-of-bounds read is only triggered during the parsing of a specially crafted file, requiring an attacker to convince a user to process this file with addr2line. Furthermore, binutils does not handle privileged operations, meaning that exploitation is unlikely to lead to system compromise or escalation of privileges. Also, the impact is limited to the application itself, without affecting the broader system or network security.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6binutilsWill not fix
Red Hat Enterprise Linux 7binutilsWill not fix
Red Hat Enterprise Linux 8binutilsFix deferred
Red Hat Enterprise Linux 8gcc-toolset-11-binutilsFix deferred
Red Hat Enterprise Linux 8gcc-toolset-12-binutilsFix deferred
Red Hat Enterprise Linux 9binutilsNot affected
Red Hat Enterprise Linux 9gcc-toolset-12-binutilsNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-457
https://bugzilla.redhat.com/show_bug.cgi?id=2167498binutils: Field `file_table` of `struct module *module` is uninitialized

4.7 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2023-25585

CVSS3: 4.7
ubuntu
больше 2 лет назад

A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service.

nvd логотип

CVE-2023-25585

CVSS3: 4.7
nvd
больше 2 лет назад

A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service.

msrc логотип

CVE-2023-25585

CVSS3: 4.7
msrc
10 месяцев назад

Field `file_table` of `struct module *module` is uninitialized

debian логотип

CVE-2023-25585

CVSS3: 4.7
debian
больше 2 лет назад

A flaw was found in Binutils. The use of an uninitialized field in the ...

github логотип

GHSA-7787-4vjc-4737

CVSS3: 4.7
github
больше 2 лет назад

A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service.

4.7 Medium

CVSS3

Уязвимость CVE-2023-25585