Lucene search
HistorySep 14, 2023 - 9:15 p.m.
CVE-2023-25586
binutils
cve-2023-25586
logic fail
uninitialized variable
denial of service
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.4 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
10.5%
A flaw was found in Binutils. A logic fail in the bfd_init_section_decompress_status function may lead to the use of an uninitialized variable that can cause a crash and local denial of service.
Affected configurations
Node
gnubinutilsMatch2.40
| CPE | Name | Operator | Version |
|---|---|---|---|
| gnu:binutils | gnu binutils | eq | 2.40 |
CNA Affected
[
{
"product": "binutils",
"vendor": "n/a",
"defaultStatus": "affected"
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 6",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "binutils",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 7",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "binutils",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 7",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "gdb",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "binutils",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "gcc-toolset-11-binutils",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "gcc-toolset-11-gdb",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "gcc-toolset-12-binutils",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "gcc-toolset-12-gdb",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "gdb",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 9",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "binutils",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 9",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "gcc-toolset-12-binutils",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 9",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "gcc-toolset-12-gdb",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 9",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "gdb",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
]
},
{
"product": "Fedora 36",
"vendor": "Fedora",
"collectionURL": "https://packages.fedoraproject.org/",
"packageName": "gdb",
"defaultStatus": "unaffected"
},
{
"product": "Fedora 36",
"vendor": "Fedora",
"collectionURL": "https://packages.fedoraproject.org/",
"packageName": "mingw-binutils",
"defaultStatus": "unaffected"
},
{
"product": "Fedora 36",
"vendor": "Fedora",
"collectionURL": "https://packages.fedoraproject.org/",
"packageName": "radare2",
"defaultStatus": "unaffected"
},
{
"product": "Fedora 37",
"vendor": "Fedora",
"collectionURL": "https://packages.fedoraproject.org/",
"packageName": "radare2",
"defaultStatus": "unaffected"
},
{
"product": "Extra Packages for Enterprise Linux 7",
"vendor": "Fedora",
"collectionURL": "https://packages.fedoraproject.org/",
"packageName": "radare2",
"defaultStatus": "unaffected"
},
{
"product": "Fedora",
"vendor": "Fedora",
"collectionURL": "https://packages.fedoraproject.org/",
"packageName": "binutils",
"defaultStatus": "unaffected"
},
{
"product": "Fedora 37",
"vendor": "Fedora",
"collectionURL": "https://packages.fedoraproject.org/",
"packageName": "insight",
"defaultStatus": "unaffected"
},
{
"product": "Fedora 37",
"vendor": "Fedora",
"collectionURL": "https://packages.fedoraproject.org/",
"packageName": "binutils",
"defaultStatus": "unaffected"
},
{
"product": "Fedora 37",
"vendor": "Fedora",
"collectionURL": "https://packages.fedoraproject.org/",
"packageName": "mingw-binutils",
"defaultStatus": "unaffected"
},
{
"product": "Fedora 36",
"vendor": "Fedora",
"collectionURL": "https://packages.fedoraproject.org/",
"packageName": "insight",
"defaultStatus": "unaffected"
},
{
"product": "Fedora 36",
"vendor": "Fedora",
"collectionURL": "https://packages.fedoraproject.org/",
"packageName": "binutils",
"defaultStatus": "unaffected"
},
{
"product": "Extra Packages for Enterprise Linux 8",
"vendor": "Fedora",
"collectionURL": "https://packages.fedoraproject.org/",
"packageName": "radare2",
"defaultStatus": "unaffected"
},
{
"product": "Extra Packages for Enterprise Linux 8",
"vendor": "Fedora",
"collectionURL": "https://packages.fedoraproject.org/",
"packageName": "rizin",
"defaultStatus": "unaffected"
},
{
"product": "Fedora 36",
"vendor": "Fedora",
"collectionURL": "https://packages.fedoraproject.org/",
"packageName": "rizin",
"defaultStatus": "unaffected"
}
]Related
cvelist
cvelist
osv
osv
CVE-2023-25586
2023-09-14 21:15:10
alpinelinux
alpinelinux
CVE-2023-25586
2023-09-14 21:15:10
prion
prion
Denial of service
2023-09-14 21:15:00
redhatcve
redhatcve
CVE-2023-25586
2023-02-07 19:27:23
veracode
veracode
Denial Of Service (DoS)
2023-10-09 13:17:39
ubuntucve
ubuntucve
CVE-2023-25586
2023-09-14 00:00:00
nvd
nvd
CVE-2023-25586
2023-09-14 21:15:10
debiancve
debiancve
CVE-2023-25586
2023-09-14 21:15:10
cloudfoundry
cloudfoundry
USN-6101-1: GNU binutils vulnerabilities | Cloud Foundry
2023-06-30 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2023-5.0-0060
2023-07-29 00:00:00
Critical Photon OS Security Update - PHSA-2023-4.0-0440
2023-07-29 00:00:00
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.4 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
10.5%
Related for CVE-2023-25586