Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:43051
HistoryAug 31, 2023 - 8:29 p.m.

Denial Of Service (DoS)

2023-08-3120:29:01
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
15
binutils
vulnerability
find_abstract_instance
dwarf2.c
memory leak
denial of service
elf file

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0

Percentile

10.1%

binutils is vulnerable to Denial of Service (DoS) attacks. The vulnerability exists in the find_abstract_instance function in the dwarf2.c file. The function is responsible for finding the nearest line number for a given address in an ELF file. The vulnerability occurs when the function fails to properly free a memory buffer. This can cause the function to leak memory, which can eventually lead to a denial of service.

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0

Percentile

10.1%