CVE-2023-25588

Field `the_bfd` of `asymbol` is uninitialized in function `bfd_mach_o_get_synthetic_symtab`

Published: 9/14/2023 Last updated: 2/13/2025 Reserved: 2/7/2023

A flaw was found in Binutils. The field `the_bfd` of `asymbol`struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of service.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.1	4.7	Medium	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

Opam packages affected (3)

bap-std clangml conf-binutils

Products affected (13)

Product	Vendor	Version
Red Hat Enterprise Linux 9	Red Hat	>= 3.0.0, < 5.8.0
Fedora 36	Fedora	n/a
Fedora	Fedora	< b172535ccba12f0cf7d23b3b840989de47fc104d
Red Hat Enterprise Linux 6	Red Hat	< 2.19.0
Fedora 36	Fedora	< e1249667750399a48cafcf5945761d39fa584edf
Fedora 37	Fedora	< 2fd0f5ceb997f90f4332ccbab6c7e907e6b2d0eb
Fedora 36	Fedora	3.12
Fedora 37	Fedora	< dd0b28d877b293b1d7f8727a7de08ae36b6b9ef0
Fedora 36	Fedora	< 7cda0fdde5d9890976861421d207870500f9aace
Fedora 37	Fedora	< c38028ce0d0045ca600b6a8345a0ff92bfb47b66
Extra Packages for Enterprise Linux 8	Fedora	aca4f524c6cb14cdc7bc4cd493492a33f5154797
Extra Packages for Enterprise Linux 8	Fedora	< 3.12
Fedora 36	Fedora	<= 6.1.*

CVE-2023-25588

Field `the_bfd` of `asymbol` is uninitialized in function `bfd_mach_o_get_synthetic_symtab`

Metrics

Opam packages affected (3)

Products affected (13)

References (20)