CVE-2023-25586: Use of Uninitialized Variable in Binutils

Severity
NVD: 5.5 MEDIUM
CNA: 4.7
EPSS
0.0% (top 90.94%)
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Sep 14

Description

A flaw was found in Binutils. A logic failure in the bfd_init_section_decompress_status function may lead to the use of an uninitialized variable, which can cause a crash and a local denial of service.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H (Exploitability: 1.8 | Impact: 3.6)

Affected Packages (2 packages)

Debian: gnu/binutils < 2.39.50.20221208-1+2
NVD: gnu/binutils 2.40

Patches

Vulnerability Details (3)

GHSA: GHSA-gpjh-j7vh-fwmj: A flaw was found in Binutils (2023-09-14)
OSV: CVE-2023-25586: A flaw was found in Binutils (2023-09-14)
CVEList: Local variable `ch_type` in function `bfd_init_section_decompress_status` can be uninitialized (2023-09-14)

Vendor Advisories (2)

Debian: CVE-2023-25586: binutils - A flaw was found in Binutils. A logic fail in the bfd_init_section_decompress_st... (2023)
Red Hat: binutils: Local variable `ch_type` in function `bfd_init_section_decompress_status` can be uninitialized (2022-12-12)
CVE-2023-25586 — Use of Uninitialized Variable | cvebase