Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:43052
HistoryAug 31, 2023 - 8:29 p.m.

Denial Of Service (DoS)

2023-08-3120:29:18
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
16
binutils
vulnerability
bfd_dwarf2_find_nearest_line_with_alt
denial of service
memory allocation
elf file

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

17.0%

binutils is vulnerable to Denial of Service (DoS) attacks. The vulnerability exists in the bfd_dwarf2_find_nearest_line_with_alt function in the dwarf2.c file. The function is responsible for finding the nearest line number for a given address in an ELF file. The vulnerability occurs when the function fails to properly check the size of a buffer. This can cause the function to allocate an excessive amount of memory, which can eventually lead to a denial of service.

References

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

17.0%