CVE-2022-48063 — Uncontrolled Resource Consumption in Binutils

CWE-400 — Uncontrolled Resource Consumption10 documents8 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 97.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Binutils

Timeline

PublishedAug 22

Latest updateFeb 26

Description

GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function load_separate_debug_files at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDgnu/binutils< 2.40

▶Debiangnu/binutils< 2.40-2+2

🔴Vulnerability Details

OSV

binutils vulnerabilities↗2024-02-26

▶

GHSA

GHSA-7jp6-rmg5-fj58: GNU Binutils before 2↗2023-08-22

▶

OSV

CVE-2022-48063: GNU Binutils before 2↗2023-08-22

▶

CVEList

CVE-2022-48063: GNU Binutils before 2↗2023-08-22

▶

📋Vendor Advisories

Ubuntu

GNU binutils vulnerabilities↗2024-02-26

▶

Ubuntu

GNU binutils vulnerabilities↗2023-10-04

▶

Microsoft

GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function load_separate_debug_files at dwarf2.c.↗2023-08-08

▶

Red Hat

binutils: excessive memory consumption in load_separate_debug_files() in dwarf.c↗2022-12-21

▶

Debian

CVE-2022-48063: binutils - GNU Binutils before 2.40 was discovered to contain an excessive memory consumpti...↗2022

▶