CVE-2023-25588

2023-09-1421:15:10

Google

osv.dev

binutils

application crash

denial of service

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.3%

JSON

A flaw was found in Binutils. The field the_bfd of asymbolstruct is uninitialized in the bfd_mach_o_get_synthetic_symtab function, which may lead to an application crash and local denial of service.

CPENameOperatorVersion
binutils-gdb.giteqgdb_5_3-branchpoint
binutilseq2.40.50.20230611-2
binutils-gdb.giteqgdb-10-branchpoint
binutilseq2.39.50.20221010-1
binutilseq2.38.50.20220629-3
binutilseq2.40.90.20230729-2
binutilseq2.37.50.20220106-2
binutilseq2.39.50.20221208-5
binutils-gdb.giteqgdb_7_3-branchpoint
binutilseq2.37-6

Name	Operator	Version
binutils-gdb.git	eq	gdb_5_3-branchpoint
binutils	eq	2.40.50.20230611-2
binutils-gdb.git	eq	gdb-10-branchpoint
binutils	eq	2.39.50.20221010-1
binutils	eq	2.38.50.20220629-3
binutils	eq	2.40.90.20230729-2
binutils	eq	2.37.50.20220106-2
binutils	eq	2.39.50.20221208-5
binutils-gdb.git	eq	gdb_7_3-branchpoint
binutils	eq	2.37-6