CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
AI Score
Confidence
High
GNU Binutils is used by IBM Netezza Performance Server. IBM Netezza Performance Server has addressed the applicable CVEs.
CVEID:CVE-2022-48063
**DESCRIPTION:**GNU Binutils is vulnerable to a denial of service, caused by an excessive memory consumption vulnerability in the function load_separate_debug_files at dwarf2.c. By persuading a victim to open a specially crafted ELF file, a remote attacker could exploit this vulnerability to cause a DNS attack.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/264313 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID:CVE-2022-48064
**DESCRIPTION:**GNU Binutils is vulnerable to a denial of service, caused by an excessive memory consumption vulnerability in the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. By persuading a victim to open a specially crafted ELF file, a remote attacker could exploit this vulnerability to cause a DNS attack.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/264315 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID:CVE-2022-48065
**DESCRIPTION:**GNU Binutils is vulnerable to a denial of service, caused by a memory leak vulnerability in the function find_abstract_instance in dwarf2.c. By persuading a victim to open a specially crafted ELF file, a remote attacker could exploit this vulnerability to cause a DNS attack.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/264316 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
Affected Product(s) | Version(s) |
---|---|
IBM Netezza Performance Server | IBM Netezza Performance Server 11.2.0.0 |
Product | VRMF | Remediation/Fix |
---|---|---|
IBM Netezza Performance Server | 11.2.1.0 | Fix Central Link |
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | netezza_performance_portal | any | cpe:2.3:h:ibm:netezza_performance_portal:any:*:*:*:*:*:*:* |
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
AI Score
Confidence
High