Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:43050
HistoryAug 31, 2023 - 8:28 p.m.

Denial Of Service (DoS)

2023-08-3120:28:43
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
11
binutils
separate debug files
dwarf2.c
denial of service

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0

Percentile

10.3%

binutils is vulnerable to Denial of Service (DoS) attacks. The vulnerability exists in the load_separate_debug_files function in the dwarf2.c file. The function is responsible for loading debug information from separate ELF files. The vulnerability occurs when the function fails to properly check the size of a buffer. This can cause the function to allocate an excessive amount of memory, which can eventually lead to a denial of service.

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0

Percentile

10.3%