Severity: 7.8 HIGH
EPSS: 0.0% (top 93.40%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Aug 22
Latest update: Jan 15

Description

Heap buffer overflow vulnerability in binutils readelf before 2.40 via function find_section_in_set in file readelf.c.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (3 packages)

NVD: gnu/binutils < 2.40
Debian: binutils < 2.40-2+2
Ubuntu: binutils < 2.34-6ubuntu1.8+1

Vulnerability Details (4)

OSV: binutils vulnerabilities (2024-01-15)
CVEList: CVE-2022-44840: Heap buffer overflow vulnerability in binutils readelf before 2 (2023-08-22)
GHSA: GHSA-6hf6-4792-jww6: Heap buffer overflow vulnerability in binutils readelf before 2 (2023-08-22)
OSV: CVE-2022-44840: Heap buffer overflow vulnerability in binutils readelf before 2 (2023-08-22)

Vendor Advisories (4)

Ubuntu: GNU binutils vulnerabilities (2024-01-15)
Ubuntu: GNU binutils vulnerabilities (2023-09-18)
Red Hat: binutils: heap-based buffer overflow in find_section_in_set() in readelf.c (2022-10-30)
Debian: CVE-2022-44840: binutils - Heap buffer overflow vulnerability in binutils readelf before 2.40 via function ... (2022)