Lucene search

[email protected]NVD:CVE-2023-25586

HistorySep 14, 2023 - 9:15 p.m.

CVE-2023-25586

2023-09-1421:15:10

CWE-457

CWE-908

[email protected]

web.nvd.nist.gov

binutils

logic fail

bfd_init_section_decompress_status

uninitialized variable

crash

denial of service

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.3%

JSON

A flaw was found in Binutils. A logic fail in the bfd_init_section_decompress_status function may lead to the use of an uninitialized variable that can cause a crash and local denial of service.

Affected configurations

NVD

Node

gnubinutilsMatch2.40

References

access.redhat.com/security/cve/CVE-2023-25586

bugzilla.redhat.com/show_bug.cgi?id=2167502

security.netapp.com/advisory/ntap-20231103-0003/

sourceware.org/bugzilla/show_bug.cgi?id=29855

sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5830876a0cca17bef3b2d54908928e72cca53502

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.3%

JSON

Related for NVD:CVE-2023-25586

osv1 cvelist1 cve1 alpinelinux1 prion1 veracode1 redhatcve1 debiancve1 ubuntucve1 cloudfoundry1 photon2