CVE-2022-48064Allocation of Resources Without Limits or Throttling in Binutils

CWE-770Allocation of Resources Without Limits or ThrottlingCWE-400Uncontrolled Resource Consumption7 documents7 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 99.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
GNU BinutilsFedoraproject Fedora
Timeline
PublishedAug 22

Description

GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

NVDgnu/binutils< 2.40
Debiangnu/binutils< 2.40-2+2

Also affects: Fedora 37, 38

🔴Vulnerability Details

3
GHSA
GHSA-p564-948g-fpq9: GNU Binutils before 22023-08-22
OSV
CVE-2022-48064: GNU Binutils before 22023-08-22
CVEList
CVE-2022-48064: GNU Binutils before 22023-08-22

📋Vendor Advisories

3
Microsoft
GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted2023-08-08
Red Hat
binutils: excessive memory consumption in _bfd_dwarf2_find_nearest_line_with_alt() in dwarf2.c2022-12-20
Debian
CVE-2022-48064: binutils - GNU Binutils before 2.40 was discovered to contain an excessive memory consumpti...2022
CVE-2022-48064 — GNU Binutils vulnerability | cvebase