ibmIBM982910F8E457D95C5A97022D3491942EB00917686C037C5B38F02F0350BEC13A
History: Aug 20, 2024 - 9:53 a.m.

Security Bulletin: Multiple vulnerabilities in GNU Binutils affect IBM Netezza Performance Server

2024-08-20 09:53:14
www.ibm.com
gnu binutils
ibm netezza performance server
denial of service
excessive memory consumption
elf file
remote attacker
dns attack
vulnerability
cve-2022-48063
cve-2022-48064
cve-2022-48065
fix central link

CVSS3: 5.5

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score: 7
Confidence: High

Summary

GNU Binutils is used by IBM Netezza Performance Server. IBM Netezza Performance Server has addressed the applicable CVEs.

Vulnerability Details

CVEID: CVE-2022-48063
**DESCRIPTION:** GNU Binutils is vulnerable to a denial of service, caused by an excessive memory consumption vulnerability in the function load_separate_debug_files in dwarf2.c. By persuading a victim to open a specially crafted ELF file, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/264313 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2022-48064
**DESCRIPTION:** GNU Binutils is vulnerable to a denial of service, caused by an excessive memory consumption vulnerability in the function bfd_dwarf2_find_nearest_line_with_alt in dwarf2.c. By persuading a victim to open a specially crafted ELF file, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/264315 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2022-48065
**DESCRIPTION:** GNU Binutils is vulnerable to a denial of service, caused by a memory leak vulnerability in the function find_abstract_instance in dwarf2.c. By persuading a victim to open a specially crafted ELF file, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/264316 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Netezza Performance Server | IBM Netezza Performance Server 11.2.0.0 |

Remediation/Fixes

| Product | VRMF | Remediation/Fix |
| --- | --- | --- |
| IBM Netezza Performance Server | 11.2.1.0 | Fix Central Link |

Workarounds and Mitigations

None

Affected configurations

Vulners node: ibm netezza_performance_portal, match: any

| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| ibm | netezza_performance_portal | any | cpe:2.3:h:ibm:netezza_performance_portal:any:*:*:*:*:*:*:* |
