Veracode Vulnerability DatabaseVERACODE:43050Denial Of Service (DoS)
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1.9 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:N/I:N/A:P
0.0004 Low
EPSS
Percentile
9.5%
binutils is vulnerable to Denial of Service (DoS) attacks. The vulnerability exists in the load_separate_debug_files function in the dwarf2.c file. The function is responsible for loading debug information from separate ELF files. The vulnerability occurs when the function fails to properly check the size of a buffer. This can cause the function to allocate an excessive amount of memory, which can eventually lead to a denial of service.
| CPE | Name | Operator | Version |
|---|---|---|---|
| binutils:sid | eq | 2.35.1-3 | |
| binutils:sid | eq | 2.35.1-3 |
References
security-tracker.debian.org/tracker/CVE-2022-48063
security.netapp.com/advisory/ntap-20231006-0008/
sourceware.org/bugzilla/show_bug.cgi?id=29924
sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=75393a2d54bcc40053e5262a3de9d70c5ebfbbfd
sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=75393a2d54bcc40053e5262a3de9d70c5ebfbbfd
Related
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1.9 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:N/I:N/A:P
0.0004 Low
EPSS
Percentile
9.5%