Lucene search

Veracode Vulnerability DatabaseVERACODE:43632

HistoryOct 09, 2023 - 1:17 p.m.

Denial Of Service (DoS)

2023-10-0913:17:39

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

binutils

denial of service

uninitialized variable

application crash

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

10.3%

JSON

binutils is vulnerable to Denial of Service (DoS). An use of an uninitialized variable causes a logic fail in the bfd_init_section_decompress_status function, which may allow a local attacker to cause an application crash.

CPENameOperatorVersion
binutils:sideq2.35.1-3
binutils:sideq2.35.1-3

CPE	Name	Operator	Version
	binutils:sid	eq	2.35.1-3
	binutils:sid	eq	2.35.1-3

References

access.redhat.com/security/cve/CVE-2023-25586

bugzilla.redhat.com/show_bug.cgi?id=2167502

security-tracker.debian.org/tracker/CVE-2023-25586

security.netapp.com/advisory/ntap-20231103-0003/

sourceware.org/bugzilla/show_bug.cgi?id=29855

sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5830876a0cca17bef3b2d54908928e72cca53502

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

10.3%

JSON

Related for VERACODE:43632