CVE-2022-48065Missing Release of Memory after Effective Lifetime in Binutils

CWE-401Missing Release of Memory after Effective Lifetime8 documents8 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 94.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
GNU BinutilsFedoraproject Fedora
Timeline
PublishedAug 22
Latest updateFeb 26

Description

GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability var the function find_abstract_instance in dwarf2.c.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

NVDgnu/binutils< 2.40
Debiangnu/binutils< 2.40-2+2

Also affects: Fedora 38, 39

🔴Vulnerability Details

3
GHSA
GHSA-gx78-cf6r-h3p3: GNU Binutils before 22023-08-22
CVEList
CVE-2022-48065: GNU Binutils before 22023-08-22
OSV
CVE-2022-48065: GNU Binutils before 22023-08-22

📋Vendor Advisories

4
Ubuntu
GNU binutils vulnerabilities2024-02-26
Microsoft
GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability var the function find_abstract_instance in dwarf2.c.2023-08-08
Red Hat
binutils: memory leak in find_abstract_instance() in dwarf2.c2022-12-21
Debian
CVE-2022-48065: binutils - GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability v...2022
CVE-2022-48065 — GNU Binutils vulnerability | cvebase