Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2023-25588

Опубликовано: 12 дек. 2022
Источник: redhat
CVSS3: 4.7
EPSS Низкий

Описание

A flaw was found in Binutils. The field the_bfd of asymbolstruct is uninitialized in the bfd_mach_o_get_synthetic_symtab function, which may lead to an application crash and local denial of service.

Отчет

This issue is classified with a low severity primarily because binutils is not typically exposed to untrusted inputs in most environments, limiting the possibility of exploitation. Additionally, this out-of-bounds read is only triggered during the parsing of a specially crafted file, requiring an attacker to convince a user to process this file with objdump. Furthermore, binutils does not handle privileged operations, meaning that exploitation is unlikely to lead to system compromise or escalation of privileges. Also, the impact is limited to the application itself, without affecting the broader system or network security.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6binutilsWill not fix
Red Hat Enterprise Linux 7binutilsWill not fix
Red Hat Enterprise Linux 8binutilsFix deferred
Red Hat Enterprise Linux 8gcc-toolset-11-binutilsFix deferred
Red Hat Enterprise Linux 8gcc-toolset-12-binutilsFix deferred
Red Hat Enterprise Linux 9binutilsNot affected
Red Hat Enterprise Linux 9gcc-toolset-12-binutilsNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-457
https://bugzilla.redhat.com/show_bug.cgi?id=2167505binutils: Field `the_bfd` of `asymbol` is uninitialized in function `bfd_mach_o_get_synthetic_symtab`

EPSS

Процентиль: 4%
0.0002
Низкий

4.7 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2023-25588

CVSS3: 4.7
ubuntu
больше 2 лет назад

A flaw was found in Binutils. The field `the_bfd` of `asymbol`struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of service.

nvd логотип

CVE-2023-25588

CVSS3: 4.7
nvd
больше 2 лет назад

A flaw was found in Binutils. The field `the_bfd` of `asymbol`struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of service.

msrc логотип

CVE-2023-25588

CVSS3: 4.7
msrc
10 месяцев назад

Field `the_bfd` of `asymbol` is uninitialized in function `bfd_mach_o_get_synthetic_symtab`

debian логотип

CVE-2023-25588

CVSS3: 4.7
debian
больше 2 лет назад

A flaw was found in Binutils. The field `the_bfd` of `asymbol`struct i ...

github логотип

GHSA-m5xq-q856-p5jf

CVSS3: 4.7
github
больше 2 лет назад

A flaw was found in Binutils. The field `the_bfd` of `asymbol`struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of service.

EPSS

Процентиль: 4%
0.0002
Низкий

4.7 Medium

CVSS3