CVE-2022-48063

Published: 8/22/2023 Last updated: 10/3/2024 Reserved: 12/29/2022

GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function load_separate_debug_files at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Opam packages affected (3)

bap-std clangml conf-binutils

Products affected (2)

Product	Vendor	Version
n/a	n/a	17.9.1a
n/a	n/a	< 2862eee078a4d2d1f584e7f24fa50dddfa5f3471

References (12)

https://sourceware.org/bugzilla/show_bug.cgi?id=29924
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=75393a2d54bcc40053e5262a3de9d70c5ebfbbfd
https://security.netapp.com/advisory/ntap-20231006-0008/
https://sourceware.org/bugzilla/show_bug.cgi?id=29924
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=75393a2d54bcc40053e5262a3de9d70c5ebfbbfd
https://security.netapp.com/advisory/ntap-20231006-0008/
https://sourceware.org/bugzilla/show_bug.cgi?id=29924
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=75393a2d54bcc40053e5262a3de9d70c5ebfbbfd
https://security.netapp.com/advisory/ntap-20231006-0008/
https://sourceware.org/bugzilla/show_bug.cgi?id=29924
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=75393a2d54bcc40053e5262a3de9d70c5ebfbbfd
https://security.netapp.com/advisory/ntap-20231006-0008/