Lucene search

K
ubuntucveUbuntu.comUB:CVE-2022-48063
HistoryAug 22, 2023 - 12:00 a.m.

CVE-2022-48063

2023-08-2200:00:00
ubuntu.com
ubuntu.com
17
cve-2022-48063
gnu binutils
excessive memory consumption
load_separate_debug_files
dwarf2.c
crafted elf file
dns attack

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

5.5

Confidence

High

EPSS

0

Percentile

10.3%

GNU Binutils before 2.40 was discovered to contain an excessive memory
consumption vulnerability via the function load_separate_debug_files at
dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS
attack.

Bugs

Notes

Author Note
seth-arnold binutils isn’t safe for untrusted inputs.
OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchbinutils< 2.30-21ubuntu1~18.04.9+esm3UNKNOWN
ubuntu20.04noarchbinutils< 2.34-6ubuntu1.9UNKNOWN
ubuntu22.04noarchbinutils< 2.38-4ubuntu2.6UNKNOWN
ubuntu14.04noarchbinutils< 2.24-5ubuntu14.2+esm5UNKNOWN
ubuntu16.04noarchbinutils< 2.26.1-1ubuntu1~16.04.8+esm9UNKNOWN

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

5.5

Confidence

High

EPSS

0

Percentile

10.3%