CVE-2022-35205 — Reachable Assertion in Binutils

CWE-617 — Reachable Assertion9 documents8 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 94.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Binutils

Timeline

PublishedAug 22

Latest updateDec 11

Description

An issue was discovered in Binutils readelf 2.38.50, reachable assertion failure in function display_debug_names allows attackers to cause a denial of service.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶Debiangnu/binutils< 2.38.50.20220627-1+2

▶NVDgnu/binutils2.38.50

Patches

Patch: sourceware.org ↗Patch: sourceware.org ↗

🔴Vulnerability Details

OSV

CVE-2022-35205: An issue was discovered in Binutils readelf 2↗2023-08-22

▶

GHSA

GHSA-5w4c-x7fv-v2g8: An issue was discovered in Binutils readelf 2↗2023-08-22

▶

CVEList

CVE-2022-35205: An issue was discovered in Binutils readelf 2↗2023-08-22

▶

📋Vendor Advisories

Ubuntu

GNU binutils vulnerabilities↗2023-12-11

▶

Ubuntu

GNU binutils vulnerabilities↗2023-10-04

▶

Microsoft

Reachable assertion failure in function display_debug_names allows attackers to cause a denial of service.↗2023-08-08

▶

Red Hat

binutils: reachable assertion in display_debug_names() in dwarf.c↗2022-06-26

▶

Debian

CVE-2022-35205: binutils - An issue was discovered in Binutils readelf 2.38.50, reachable assertion failure...↗2022

▶