CVE-2022-4285: NULL Pointer Dereference in Binutils

Severity: 5.5 MEDIUM (NVD)
EPSS: 0.1% (top 82.31%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 27; Latest update Jun 20

Description

An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (4 packages)

NVD: gnu/binutils 2.35 2.39-7
Debian: gnu/binutils < 2.39.50.20221208-2 (+2 more)
CVEListV5: gnu/binutils binutils 2.39-7
Ubuntu: gnu/gdb < 9.2-0ubuntu1~20.04.2 (+3 more)

Also affects: Fedora 37, Enterprise Linux 6.0, 7.0, 8.0, 9.0

Vulnerability Details (5)

OSV: gdb vulnerabilities (2024-06-20)
OSV: binutils vulnerabilities (2023-12-11)
CVEList: CVE-2022-4285: An illegal memory access flaw was found in the binutils package (2023-01-27)
OSV: CVE-2022-4285: An illegal memory access flaw was found in the binutils package (2023-01-27)
GHSA: GHSA-qx33-qxjc-p36p: An illegal memory access flaw was found in the binutils package (2023-01-27)

Vendor Advisories (5)

Ubuntu: gdb vulnerabilities (2024-06-20)
Ubuntu: GNU binutils vulnerabilities (2023-12-11)
Microsoft: An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an inc (2023-01-10)
Red Hat: binutils: NULL pointer dereference in _bfd_elf_get_symbol_version_string leads to segfault (2022-10-19)
Debian: CVE-2022-4285: binutils - An illegal memory access flaw was found in the binutils package. Parsing an ELF ... (2022)