CVE-2022-38533 — Out-of-bounds Write in Binutils

CWE-787 — Out-of-bounds Write CWE-122 — Heap-based Buffer Overflow10 documents8 sources

Severity

5.5MEDIUMNVD

OSV8.8

EPSS

0.0%

top 91.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Binutils Fedoraproject Fedora

Timeline

PublishedAug 26

Latest updateDec 11

Description

In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶Debiangnu/binutils< 2.39.50.20221208-2+2

▶Ubuntugnu/binutils< 2.34-6ubuntu1.7+2

▶NVDgnu/binutils2.39

Also affects: Fedora 36, 37

Patches

Patch: sourceware.org ↗Patch: sourceware.org ↗Patch: sourceware.org ↗

🔴Vulnerability Details

OSV

binutils vulnerabilities↗2023-12-11

▶

GHSA

GHSA-7v55-wrg9-5rfp: In GNU Binutils before 2↗2022-08-27

▶

OSV

CVE-2022-38533: In GNU Binutils before 2↗2022-08-26

▶

CVEList

CVE-2022-38533: In GNU Binutils before 2↗2022-08-25

▶

📋Vendor Advisories

Ubuntu

GNU binutils vulnerabilities↗2023-12-11

▶

Ubuntu

GNU binutils vulnerability↗2022-12-05

▶

Red Hat

binutils: heap-based buffer overflow in bfd_getl32() when called by strip_main() in objcopy.c via a crafted file↗2022-08-13

▶

Microsoft

In GNU Binutils before 2.40 there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file.↗2022-08-09

▶

Debian

CVE-2022-38533: binutils - In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error functi...↗2022

▶