Описание
A weakness has been identified in GNU Binutils 2.45. The affected element is the function vfinfo of the file ldmisc.c. Executing a manipulation can lead to out-of-bounds read. The attack can only be executed locally. The exploit has been made available to the public and could be used for attacks. This patch is called 16357. It is best practice to apply a patch to resolve this issue.
An out of bounds read flaw has been discovered in GNU binutils. The vfinfo function in the ldmisc.c file. Exploitation of this flaw requires local access and may cause a program crash.
Отчет
Red Hat rates this vulnerability as Low as a result of how the GNU Binutils are configured to be used in Red Hat products. When running with default configurations the affected program will have limited privileges and thus the availability impact of this flaw will be restricted.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | binutils | Fix deferred | ||
| Red Hat Enterprise Linux 10 | gcc-toolset-15-binutils | Fix deferred | ||
| Red Hat Enterprise Linux 10 | gdb | Fix deferred | ||
| Red Hat Enterprise Linux 10 | mingw-binutils | Fix deferred | ||
| Red Hat Enterprise Linux 6 | binutils | Fix deferred | ||
| Red Hat Enterprise Linux 7 | binutils | Fix deferred | ||
| Red Hat Enterprise Linux 7 | gdb | Fix deferred | ||
| Red Hat Enterprise Linux 8 | binutils | Fix deferred | ||
| Red Hat Enterprise Linux 8 | gcc-toolset-13-binutils | Fix deferred | ||
| Red Hat Enterprise Linux 8 | gcc-toolset-13-gdb | Fix deferred |
Показывать по
Ссылки на источники
Дополнительная информация
Статус:
EPSS
3.3 Low
CVSS3
Связанные уязвимости
A weakness has been identified in GNU Binutils 2.45. The affected element is the function vfinfo of the file ldmisc.c. Executing a manipulation can lead to out-of-bounds read. The attack can only be executed locally. The exploit has been made available to the public and could be used for attacks. This patch is called 16357. It is best practice to apply a patch to resolve this issue.
A weakness has been identified in GNU Binutils 2.45. The affected element is the function vfinfo of the file ldmisc.c. Executing a manipulation can lead to out-of-bounds read. The attack can only be executed locally. The exploit has been made available to the public and could be used for attacks. This patch is called 16357. It is best practice to apply a patch to resolve this issue.
A weakness has been identified in GNU Binutils 2.45. The affected elem ...
A weakness has been identified in GNU Binutils 2.45. The affected element is the function vfinfo of the file ldmisc.c. Executing manipulation can lead to out-of-bounds read. The attack can only be executed locally. The exploit has been made available to the public and could be exploited. This patch is called 16357. It is best practice to apply a patch to resolve this issue.
EPSS
3.3 Low
CVSS3