Описание
A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 9ca499644a21ceb3f946d1c179c38a83be084490. To fix this issue, it is recommended to deploy a patch. The code maintainer replied with "[f]ixed for 2.46".
A head based buffer overflow flaw has been discovered in GNU bin utilities. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally.
Отчет
Red Hat rates this vulnerability as Moderate as a result of how the GNU Binutils are configured to be used in Red Hat products. When running with default configurations the affected program will have limited privileges and thus the impact of this flaw will be restricted.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Migration Toolkit for Containers | rhmtc/openshift-migration-must-gather-rhel8 | Affected | ||
| Migration Toolkit for Virtualization | migration-toolkit-virtualization/mtv-must-gather-rhel8 | Out of support scope | ||
| Red Hat Enterprise Linux 10 | gdb | Not affected | ||
| Red Hat Enterprise Linux 10 | mingw-binutils | Not affected | ||
| Red Hat Enterprise Linux 6 | binutils | Out of support scope | ||
| Red Hat Enterprise Linux 7 | binutils | Out of support scope | ||
| Red Hat Enterprise Linux 7 | gdb | Not affected | ||
| Red Hat Enterprise Linux 8 | gcc-toolset-13-binutils | Affected | ||
| Red Hat Enterprise Linux 8 | gcc-toolset-13-gdb | Affected | ||
| Red Hat Enterprise Linux 8 | gcc-toolset-14-gdb | Affected |
Показывать по
Ссылки на источники
Дополнительная информация
Статус:
EPSS
5.3 Medium
CVSS3
Связанные уязвимости
A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 9ca499644a21ceb3f946d1c179c38a83be084490. To fix this issue, it is recommended to deploy a patch. The code maintainer replied with "[f]ixed for 2.46".
A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 9ca499644a21ceb3f946d1c179c38a83be084490. To fix this issue, it is recommended to deploy a patch. The code maintainer replied with "[f]ixed for 2.46".
GNU Binutils Linker elfcode.h elf_swap_shdr heap-based overflow
A vulnerability has been found in GNU Binutils 2.45. The affected elem ...
EPSS
5.3 Medium
CVSS3