Lucene search

K
ubuntuUbuntuUSN-6581-1
HistoryJan 15, 2024 - 12:00 a.m.

GNU binutils vulnerabilities

2024-01-1500:00:00
ubuntu.com
29
gnu binutils
ubuntu
buffer overflow
memory consumption
vulnerability
denial of service
sensitive information
arbitrary code
cve-2022-44840
cve-2022-45703
cve-2022-47007
cve-2022-47008
cve-2022-47010
cve-2022-47011

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7

Confidence

High

EPSS

0.001

Percentile

21.5%

Releases

  • Ubuntu 22.04 LTS
  • Ubuntu 20.04 LTS

Packages

  • binutils - GNU assembler, linker and binary utilities

Details

It was discovered that GNU binutils was not properly performing bounds
checks in several functions, which could lead to a buffer overflow. An
attacker could possibly use this issue to cause a denial of service,
expose sensitive information or execute arbitrary code.
(CVE-2022-44840, CVE-2022-45703)

It was discovered that GNU binutils incorrectly handled memory management
operations in several of its functions, which could lead to excessive
memory consumption due to memory leaks. An attacker could possibly use
these issues to cause a denial of service.
(CVE-2022-47007, CVE-2022-47008, CVE-2022-47010, CVE-2022-47011)

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7

Confidence

High

EPSS

0.001

Percentile

21.5%