CVE-2023-25588
published 2023-09-14CVE-2023-25588: A flaw was found in Binutils. The field `the_bfd` of `asymbol`struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an…
medium5.5CVSS 3.1
AVLACLPRNUIRSUCNINAH
A flaw was found in Binutils. The field `the_bfd` of `asymbol`struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of service.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | binutils | < binutils 2.39.50.20221208-1 (bookworm) | binutils 2.39.50.20221208-1 (bookworm) |
| gnu | binutils | — | — |
| gnu | binutils | >= 0 < 2.39.50.20221208-1 | 2.39.50.20221208-1 |
| gnu | binutils | >= 0 < 2.39.50.20221208-1 | 2.39.50.20221208-1 |
| gnu | binutils | >= 0 < 2.39.50.20221208-1 | 2.39.50.20221208-1 |
| gnu | binutils | >= 0 < 2.30-21ubuntu1~18.04.9 | 2.30-21ubuntu1~18.04.9 |
| gnu | binutils | >= 0 < 2.34-6ubuntu1.5 | 2.34-6ubuntu1.5 |
| gnu | binutils | >= 0 < 2.38-4ubuntu2.2 | 2.38-4ubuntu2.2 |
| gnu | binutils | >= 0 < 2.24-5ubuntu14.2+esm1 | 2.24-5ubuntu14.2+esm1 |
| gnu | binutils | >= 0 < 2.26.1-1ubuntu1~16.04.8+esm6 | 2.26.1-1ubuntu1~16.04.8+esm6 |
| msrc | azl3_crash_8.0.4-3_on_azure_linux_3.0 | — | — |
CVSS provenance
nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
osv7.8HIGH