Lucene search

K
nvd[email protected]NVD:CVE-2022-38533
HistoryAug 26, 2022 - 12:15 a.m.

CVE-2022-38533

2022-08-2600:15:09
CWE-787
web.nvd.nist.gov
7
binutils
heap buffer overflow
gnu

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

39.6%

In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file.

Affected configurations

Nvd
Node
gnubinutilsRange2.39
Node
fedoraprojectfedoraMatch36
OR
fedoraprojectfedoraMatch37
VendorProductVersionCPE
gnubinutils*cpe:2.3:a:gnu:binutils:*:*:*:*:*:*:*:*
fedoraprojectfedora36cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
fedoraprojectfedora37cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

39.6%