CVE-2022-47695 — Uncontrolled Resource Consumption in Binutils

CWE-400 — Uncontrolled Resource Consumption9 documents7 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 94.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Binutils

Timeline

PublishedAug 22

Latest updateFeb 26

Description

An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function bfd_mach_o_get_synthetic_symtab in match-o.c.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶NVDgnu/binutils< 2.39.3

▶Debiangnu/binutils< 2.39.50.20221208-2+2

▶Ubuntugnu/binutils< 2.34-6ubuntu1.9+1

🔴Vulnerability Details

OSV

binutils vulnerabilities↗2024-02-26

▶

CVEList

CVE-2022-47695: An issue was discovered Binutils objdump before 2↗2023-08-22

▶

GHSA

GHSA-hcj5-gphh-wmp6: An issue was discovered Binutils objdump before 2↗2023-08-22

▶

OSV

CVE-2022-47695: An issue was discovered Binutils objdump before 2↗2023-08-22

▶

📋Vendor Advisories

Ubuntu

GNU binutils vulnerabilities↗2024-02-26

▶

Ubuntu

GNU binutils vulnerabilities↗2023-09-18

▶

Red Hat

binutils: uninitialized field in bfd_mach_o_get_synthetic_symtab() in match-o.c↗2022-10-13

▶

Debian

CVE-2022-47695: binutils - An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause...↗2022

▶