Lucene search

[email protected]CVE-2022-48063

HistoryAug 22, 2023 - 7:16 p.m.

CVE-2022-48063

2023-08-2219:16:30

CWE-400

[email protected]

web.nvd.nist.gov

100

cve-2022-48063

gnu binutils

memory consumption

vulnerability

load_separate_debug_files

dwarf2.c

elf file

dns attack

nvd

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.5%

JSON

GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function load_separate_debug_files at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.

Affected configurations

NVD

Node

gnubinutilsRange<2.40

CPENameOperatorVersion
gnu:binutilsgnu binutilslt2.40

CPE	Name	Operator	Version
gnu:binutils	gnu binutils	lt	2.40

References

security.netapp.com/advisory/ntap-20231006-0008/

sourceware.org/bugzilla/show_bug.cgi?id=29924

sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=75393a2d54bcc40053e5262a3de9d70c5ebfbbfd

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.5%

JSON

Related for CVE-2022-48063

cvelist1 veracode1 nvd1 debiancve1 ubuntucve1 alpinelinux1 prion1 redhatcve1 osv3 nessus19 cloudfoundry1 openvas19 ubuntu2 redos1 photon3 ibm1