Lucene search
Ubuntu.comUB:CVE-2022-38533HistoryAug 26, 2022 - 12:00 a.m.
CVE-2022-38533
2022-08-2600:00:00
ubuntu.com
ubuntu.com
19
gnu binutils
heap-buffer-overflow
error function bfd_getl32
strip_main
crafted file
security vulnerability
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
39.6%
In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error
function bfd_getl32 when called from the strip_main function in strip-new
via a crafted file.
Bugs
Notes
| Author | Note |
|---|---|
| seth-arnold | binutils isn’t safe for untrusted inputs. |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 18.04 | noarch | binutils | < 2.30-21ubuntu1~18.04.8 | UNKNOWN |
| ubuntu | 20.04 | noarch | binutils | < 2.34-6ubuntu1.4 | UNKNOWN |
| ubuntu | 22.04 | noarch | binutils | < 2.38-4ubuntu2.1 | UNKNOWN |
| ubuntu | 22.10 | noarch | binutils | < 2.39-3ubuntu1.1 | UNKNOWN |
| ubuntu | 23.04 | noarch | binutils | < 2.40-2ubuntu1 | UNKNOWN |
| ubuntu | 23.10 | noarch | binutils | < 2.40-2ubuntu1 | UNKNOWN |
| ubuntu | 14.04 | noarch | binutils | < 2.24-5ubuntu14.2+esm6 | UNKNOWN |
| ubuntu | 16.04 | noarch | binutils | < 2.26.1-1ubuntu1~16.04.8+esm5 | UNKNOWN |
Related
openvas
openvas
Ubuntu: Security Advisory (USN-5762-1)
2022-12-06 00:00:00
Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2023-1490)
2023-03-09 00:00:00
Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2022-2754)
2022-11-14 00:00:00
nessus
nessus
Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : GNU binutils vulnerability (USN-5762-1)
2022-12-07 00:00:00
EulerOS 2.0 SP9 : binutils (EulerOS-SA-2022-2719)
2022-11-14 00:00:00
EulerOS 2.0 SP9 : binutils (EulerOS-SA-2022-2754)
2022-11-14 00:00:00
veracode
veracode
Heap-buffer-overflow
2022-09-21 17:27:02
redhatcve
redhatcve
CVE-2022-38533
2022-09-06 14:29:40
debiancve
debiancve
CVE-2022-38533
2022-08-26 00:15:09
cbl_mariner
cbl_mariner
CVE-2022-38533 affecting package binutils 2.36.1-3
2024-07-05 21:08:35
CVE-2022-38533 affecting package binutils for versions less than 2.37-4
2022-10-05 23:33:46
prion
prion
Heap overflow
2022-08-26 00:15:00
cloudfoundry
cloudfoundry
USN-5762-1: GNU binutils vulnerability | Cloud Foundry
2023-01-26 00:00:00
USN-6544-1: GNU binutils vulnerabilities | Cloud Foundry
2024-04-04 00:00:00
cgr
cgr
CVE-2022-38533 vulnerabilities
2024-05-19 03:07:16
osv
osv
binutils vulnerability
2022-12-05 16:03:44
CVE-2022-38533
2022-08-26 00:15:09
binutils vulnerabilities
2023-12-11 11:18:13
cve
cve
CVE-2022-38533
2022-08-26 00:15:09
nvd
nvd
CVE-2022-38533
2022-08-26 00:15:09
cvelist
cvelist
CVE-2022-38533
2022-08-25 00:00:00
ubuntu
ubuntu
GNU binutils vulnerability
2022-12-05 00:00:00
GNU binutils vulnerabilities
2023-12-11 00:00:00
wolfi
wolfi
CVE-2022-38533 vulnerabilities
2024-07-05 21:08:40
alpinelinux
alpinelinux
CVE-2022-38533
2022-08-26 00:15:09
photon
photon
Moderate Photon OS Security Update - PHSA-2022-0532
2022-10-27 00:00:00
Important Photon OS Security Update - PHSA-2022-3.0-0478
2022-10-27 00:00:00
Important Photon OS Security Update - PHSA-2023-3.0-0637
2023-08-23 00:00:00
fedora
fedora
[SECURITY] Fedora 37 Update: mingw-binutils-2.38-5.fc37
2022-11-10 22:55:47
[SECURITY] Fedora 36 Update: mingw-binutils-2.37-5.fc36
2022-11-07 21:07:02
mageia
mageia
Updated binutils/gdb packages fix security vulnerability
2022-11-13 05:25:20
gentoo
gentoo
GNU Binutils: Multiple Vulnerabilities
2023-09-30 00:00:00
hp
hp
HP ThinPro 8.1 SP 2 Security Updates
2024-04-12 00:00:00
HP ThinPro 8.0 SP 8 Security Updates
2024-03-01 00:00:00
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
39.6%
Related for UB:CVE-2022-38533