Lucene search

K
ubuntucveUbuntu.comUB:CVE-2022-48064
HistoryAug 22, 2023 - 12:00 a.m.

CVE-2022-48064

2023-08-2200:00:00
ubuntu.com
ubuntu.com
12
cve-2022-48064; elf file; dns attack; memory consumption; security issue; nm inspection tool; memory leak; gnu binutils v2.40; excessive.

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

17.0%

GNU Binutils before 2.40 was discovered to contain an excessive memory
consumption vulnerability via the function
bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could
supply a crafted ELF file and cause a DNS attack.

Bugs

Notes

Author Note
seth-arnold binutils isn’t safe for untrusted inputs.
ccdm94 upstream does not consider this a security issue, as per their binutils/SECURITY.txt security file. That is because this issue affects nm, an inspection tool. For bionic and earlier, the patch seems to introduce a memory leak, so these releases will be marked as ignored.
OSVersionArchitecturePackageVersionFilename
ubuntu20.04noarchbinutils<Β anyUNKNOWN
ubuntu22.04noarchbinutils<Β anyUNKNOWN

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

17.0%