Source: Ubuntu.com (ubuntucve)
ID: UB:CVE-2022-48065
History: Aug 22, 2023 - 12:00 a.m.

CVE-2022-48065


CVSS3: 5.5 Medium

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score: 5.7 Medium (Confidence: High)

EPSS: 0.0004 Low (Percentile: 10.0%)

GNU Binutils before 2.40 was discovered to contain a memory leak
vulnerability via the function find_abstract_instance in dwarf2.c.

Notes

seth-arnold: binutils isn’t safe for untrusted inputs.

ccdm94: binutils in bionic and earlier does not include commit 422f3d3d. In this commit, function ‘find_abstract_instance’ was included, and with it, the ‘DW_AT_decl_file’ case, which is where the memory leak occurs. The patch provided by upstream also fixes function ‘scan_unit_for_symbols’, which could also cause a memory leak for similar reasons as the other function. Fixing ‘find_abstract_instance’ in bionic and earlier is not possible as the code being fixed is not present. Fixing ‘scan_unit_for_symbols’ would only introduce possibly undefined behavior, as the patch frees a variable that, in bionic and earlier, is not initialized by ‘find_abstract_instance’ and is not initialized by the alternative there present, ‘find_abstract_instance_name’, that doesn’t even consider a filename for an argument.
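
| OS     | Version | Architecture | Package  | Version           | Filename |
|--------|---------|--------------|----------|-------------------|----------|
| ubuntu | 20.04   | noarch       | binutils | < 2.34-6ubuntu1.9 | UNKNOWN  |
| ubuntu | 22.04   | noarch       | binutils | < 2.38-4ubuntu2.6 | UNKNOWN  |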
