CVE-2023-25586

Local variable `ch_type` in function `bfd_init_section_decompress_status` can be uninitialized

Published: 9/14/2023 Last updated: 2/13/2025 Reserved: 2/7/2023

A flaw was found in Binutils. A logic failure in the `bfd_init_section_decompress_status` function may lead to the use of an uninitialized variable, which can cause a crash and local denial of service.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

| Version | Score | Severity | Vector String |
|---|---|---|---|
| 3.1 | 4.7 | Medium | CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H |

Opam packages affected (3)

bap-std clangml conf-binutils

Products affected (27)

| Product | Vendor | Version |
|---|---|---|
| Red Hat Enterprise Linux 6 | Red Hat | SA8155P |
| Fedora | Fedora | n/a |
| Red Hat Enterprise Linux 7 | Red Hat | >= 16.0.0-rc-1, < 16.4.7 |
| Fedora 36 | Fedora | n/a |
| Red Hat Enterprise Linux 8 | Red Hat | < 0b5394229ebae09afc07aabccb5ffd705ffd250e |
| Red Hat Enterprise Linux 9 | Red Hat | <= 4.0.0 |
| Fedora 37 | Fedora | < 6.1.7601.25632 |
| Red Hat Enterprise Linux 8 | Red Hat | N/A |
| Red Hat Enterprise Linux 8 | Red Hat | n/a |
| Red Hat Enterprise Linux 8 | Red Hat | SW5100P |
| Red Hat Enterprise Linux 9 | Red Hat | <= 1.7.0 |
| Red Hat Enterprise Linux 9 | Red Hat | n/a |
| Red Hat Enterprise Linux 8 | Red Hat | 1.230 |
| Red Hat Enterprise Linux 9 | Red Hat | n/a |
| Fedora 36 | Fedora | WSA8835 |
| Red Hat Enterprise Linux 8 | Red Hat | n/a |
| Red Hat Enterprise Linux 7 | Red Hat | < cc3cd130ecfb8b0ae52e235e487bae3f16a24a32 |
| Fedora 37 | Fedora | <= * |
| Fedora 37 | Fedora | < publication |
| Fedora 36 | Fedora | < 5.3 |
| Extra Packages for Enterprise Linux 7 | Fedora | n/a |
| Extra Packages for Enterprise Linux 8 | Fedora | < 6.2.9200.23372 |
| Fedora 37 | Fedora | < publication |
| Fedora 36 | Fedora | <= 5.4.* |
| Fedora 36 | Fedora | v9 |
| Extra Packages for Enterprise Linux 8 | Fedora | n/a |
| binutils | n/a | version M2.1.6.05 |

References (10)