Lucene search

K
debiancveDebian Security Bug TrackerDEBIANCVE:CVE-2022-48063
HistoryAug 22, 2023 - 7:16 p.m.

CVE-2022-48063

2023-08-2219:16:30
Debian Security Bug Tracker
security-tracker.debian.org
5
gnu binutils
excessive memory consumption
vulnerability
dns attack
crafted elf file
cve-2022-48063
unix

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0

Percentile

10.3%

GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function load_separate_debug_files at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0

Percentile

10.3%