TencentOS Server 4: binutils (TSSA-2025:0013)

🗓️ 16 Jun 2025 00:00:00Reported by TenableType

TencentOS Server 4 is vulnerable to multiple issues in binutils prior to tested version TSSA-2025:0013.

Reporter	Title	Published	Views	Family All 991
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.4-IF001	29 Nov 202320:20	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to denial of service in GNU Binutils [CVE-2022-44840]	25 Apr 202418:15	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Network Automation 2.6.4 fixes multiple security vulnerabilities	15 Dec 202314:31	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in GNU Binutils affect IBM Netezza Performance Server	20 Aug 202409:53	–	ibm
IBM Security Bulletins	Security Bulletin: Order Management is subject to various OS vulnerabilites which could have allowed attacker various entry points into application.	29 Apr 202502:33	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities affect IBM Robotic Process Automation for Cloud Pak.	16 Jan 202419:45	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to denial of service in GNU Binutils [CVE-2022-4285]	25 Apr 202418:25	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to multiple vulnerabilities	2 Oct 202410:07	–	ibm
FreeBSD	binutils -- Multiple vulnerabilities	25 Aug 202400:00	–	freebsd
ATTACKERKB	CVE-2022-35206	22 Aug 202319:16	–	attackerkb

Source	Link
mirrors	www.mirrors.tencent.com/tlinux/errata/tssa-20250013.xml
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Tencent Linux Security Advisory TSSA-2025:0013.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(238744);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/11/20");

  script_cve_id(
    "CVE-2022-35205",
    "CVE-2022-35206",
    "CVE-2022-38533",
    "CVE-2022-4285",
    "CVE-2022-44840",
    "CVE-2022-45703",
    "CVE-2022-47007",
    "CVE-2022-47008",
    "CVE-2022-47010",
    "CVE-2022-47011",
    "CVE-2022-47673",
    "CVE-2022-47695",
    "CVE-2022-47696",
    "CVE-2022-48063",
    "CVE-2022-48064",
    "CVE-2022-48065",
    "CVE-2023-1972",
    "CVE-2023-25584",
    "CVE-2023-25585",
    "CVE-2023-25586",
    "CVE-2023-25588"
  );

  script_name(english:"TencentOS Server 4: binutils (TSSA-2025:0013)");

  script_set_attribute(attribute:"synopsis", value:
"The remote TencentOS Server 4 host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is,
therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0013 advisory.

    Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:

    CVE-2022-38533:
    In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called
    from the strip_main function in strip-new via a crafted file.

    CVE-2022-44840:
    Heap buffer overflow vulnerability in binutils readelf before 2.40 via function find_section_in_set in
    file readelf.c.

    CVE-2022-4285:
    An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt
    symbol version information may result in a denial of service. This issue is the result of an incomplete
    fix for CVE-2020-16599.

    CVE-2022-48063:
    GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the
    function load_separate_debug_files at dwarf2.c. The attacker could supply a crafted ELF file and cause a
    DNS attack.

    CVE-2022-48065:
    GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability var the function
    find_abstract_instance in dwarf2.c.

    CVE-2022-35206:
    Null pointer dereference vulnerability in Binutils readelf 2.38.50 via function
    read_and_display_attr_value in file dwarf.c.

    CVE-2022-48064:
    GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the
    function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file
    and cause a DNS attack.

    CVE-2022-47695:
    An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or
    other unspecified impacts via function bfd_mach_o_get_synthetic_symtab in match-o.c.

    CVE-2022-47010:
    An issue was discovered function pr_function_type in prdbg.c in Binutils 2.34 thru 2.38, allows attackers
    to cause a denial of service due to memory leaks.

    CVE-2022-45703:
    Heap buffer overflow vulnerability in binutils readelf before 2.40 via function display_debug_section in
    file readelf.c.

    CVE-2022-47696:
    An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or
    other unspecified impacts via function compare_symbols.

    CVE-2022-35205:
    An issue was discovered in Binutils readelf 2.38.50, reachable assertion failure in function
    display_debug_names allows attackers to cause a denial of service.

    CVE-2022-47007:
    An issue was discovered function stab_demangle_v3_arg in stabs.c in Binutils 2.34 thru 2.38, allows
    attackers to cause a denial of service due to memory leaks.

    CVE-2023-1972:
    A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. This may
    lead to loss of availability.

    CVE-2022-47008:
    An issue was discovered function make_tempdir, and make_tempname in bucomm.c in Binutils 2.34 thru 2.38,
    allows attackers to cause a denial of service due to memory leaks.

    CVE-2022-47011:
    An issue was discovered function parse_stab_struct_fields in stabs.c in Binutils 2.34 thru 2.38, allows
    attackers to cause a denial of service due to memory leaks.

    CVE-2023-25584:
    An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils.

    CVE-2023-25586:
    A flaw was found in Binutils. A logic fail in the bfd_init_section_decompress_status function may lead to
    the use of an uninitialized variable that can cause a crash and local denial of service.

    CVE-2023-25585:
    A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to
    application crash and local denial of service.

    CVE-2023-25588:
    A flaw was found in Binutils. The field `the_bfd` of `asymbol`struct is uninitialized in the
    `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of
    service.

    CVE-2022-47673:
    An issue was discovered in Binutils addr2line before 2.39.3, function parse_module contains multiple out
    of bound reads which may cause a denial of service or other unspecified impacts.

Tenable has extracted the preceding description block directly from the Tencent Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://mirrors.tencent.com/tlinux/errata/tssa-20250013.xml");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-47696");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/01/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/01/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/06/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:tencent:tencentos_server:4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:tencent:tencentos_server:binutils");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tencent Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/etc/os-release", "Host/TencentOS/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'TencentOS' >!< os_product) audit(AUDIT_OS_NOT, 'TencentOS');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'TencentOS');
if (! preg(pattern:"^4([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'TencentOS 4.x', 'TencentOS ' + os_version);

if (!get_kb_item('Host/TencentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'TencentOS', cpu);

var constraints = [
  {
    'release': '4',
    'pkgs': [
      {'reference':'binutils-2.40-2.tl4', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'binutils-2.40-2.tl4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'binutils-debuginfo-2.40-2.tl4', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'binutils-debuginfo-2.40-2.tl4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'binutils-debugsource-2.40-2.tl4', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'binutils-debugsource-2.40-2.tl4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'binutils-devel-2.40-2.tl4', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'binutils-devel-2.40-2.tl4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'binutils-gold-2.40-2.tl4', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'binutils-gold-2.40-2.tl4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'binutils-gold-debuginfo-2.40-2.tl4', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'binutils-gold-debuginfo-2.40-2.tl4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'binutils-gprofng-2.40-2.tl4', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'binutils-gprofng-2.40-2.tl4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'binutils-gprofng-debuginfo-2.40-2.tl4', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'binutils-gprofng-debuginfo-2.40-2.tl4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'binutils / binutils-debuginfo / binutils-debugsource / etc');
}

20 Nov 2025 00:00Current

6.5Medium risk

Vulners AI Score6.5

CVSS 3.16.5 - 7.8

EPSS0.0009

SSVC