Description

An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.

Related CPE's

a

gnu

binutils

Vulnerable

o

fedoraproject

fedora

37

Vulnerable

o

redhat

enterprise_linux

4

References

https://bugzilla.redhat.com/show_bug.cgi?id=2150768

ExploitIssue TrackingPatchThird Party Advisory

https://security.gentoo.org/glsa/202309-15

https://sourceware.org/bugzilla/show_bug.cgi?id=29699

ExploitIssue TrackingPatchVendor Advisory

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=5c831a3c7f3ca98d6aba1200353311e1a1f84c70

Weaknesses

[email protected]

Primary
CWE-476

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

5.5 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2023-01-27T18:15:15.977

2 years ago

Last modified

2023-11-07T03:57:25.527

1 year ago