CVE-2022-38533
published 2022-08-26

Medium, 5.5 (CVSS 3.1)
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file.

Affected

12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | binutils | < binutils 2.39.50.20221208-2 (bookworm) | binutils 2.39.50.20221208-2 (bookworm) |
| fedoraproject | fedora | | |
| fedoraproject | fedora | | |
| gnu | binutils | <= 2.39 | |
| gnu | binutils | >= 0 < 2.39.50.20221208-2 | 2.39.50.20221208-2 |
| gnu | binutils | >= 0 < 2.39.50.20221208-2 | 2.39.50.20221208-2 |
| gnu | binutils | >= 0 < 2.39.50.20221208-2 | 2.39.50.20221208-2 |
| gnu | binutils | >= 0 < 2.34-6ubuntu1.7 | 2.34-6ubuntu1.7 |
| gnu | binutils | >= 0 < 2.38-4ubuntu2.4 | 2.38-4ubuntu2.4 |
| gnu | binutils | >= 0 < 2.24-5ubuntu14.2+esm6 | 2.24-5ubuntu14.2+esm6 |
| msrc | cbl2_binutils_2.37-4_on_cbl_mariner_2.0 | | |
| msrc | cm1_binutils_2.36.1-3_on_cbl_mariner_1.0 | | |

CVSS provenance

nvd: v3.1, 5.5 MEDIUM, CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
osv: 8.8 HIGH