SUSE update for binutils
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 17 |
| CVE-ID | CVE-2020-19726 CVE-2021-32256 CVE-2022-35205 CVE-2022-35206 CVE-2022-4285 CVE-2022-44840 CVE-2022-45703 CVE-2022-47673 CVE-2022-47695 CVE-2022-47696 CVE-2022-48063 CVE-2022-48064 CVE-2022-48065 CVE-2023-1579 CVE-2023-1972 CVE-2023-25585 CVE-2023-25588 |
| CWE-ID | CWE-119 CWE-787 CWE-617 CWE-476 CWE-122 CWE-125 CWE-20 CWE-400 CWE-401 CWE-908 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
SUSE Linux Enterprise Software Development Kit 12 Operating systems & Components / Operating system SUSE Linux Enterprise Server for SAP Applications 12 Operating systems & Components / Operating system SUSE Linux Enterprise Server 12 Operating systems & Components / Operating system SUSE Linux Enterprise High Performance Computing 12 Operating systems & Components / Operating system libctf0-debuginfo Operating systems & Components / Operating system package or component libctf0 Operating systems & Components / Operating system package or component binutils Operating systems & Components / Operating system package or component libctf-nobfd0 Operating systems & Components / Operating system package or component libctf-nobfd0-debuginfo Operating systems & Components / Operating system package or component binutils-gold-debuginfo Operating systems & Components / Operating system package or component binutils-devel Operating systems & Components / Operating system package or component binutils-debugsource Operating systems & Components / Operating system package or component binutils-gold Operating systems & Components / Operating system package or component binutils-debuginfo Operating systems & Components / Operating system package or component |
| Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 17 vulnerabilities.
1) Buffer overflow
EUVDB-ID: #VU84094
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-19726
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in libbfd.c when handling the auxiliary symbol data. A remote attacker can trick the victim to pass specially crafted data to the application and perform a denial of service (DoS) attack.
Update the affected package binutils to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
libctf0-debuginfo: before 2.41-9.53.1
libctf0: before 2.41-9.53.1
binutils: before 2.41-9.53.1
libctf-nobfd0: before 2.41-9.53.1
libctf-nobfd0-debuginfo: before 2.41-9.53.1
binutils-gold-debuginfo: before 2.41-9.53.1
binutils-devel: before 2.41-9.53.1
binutils-debugsource: before 2.41-9.53.1
binutils-gold: before 2.41-9.53.1
binutils-debuginfo: before 2.41-9.53.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_software_development_kit_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:a:suse:libctf0-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libctf0:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libctf-nobfd0:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libctf-nobfd0-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-gold-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-gold:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-debuginfo:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2023/suse-su-20233695-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Out-of-bounds write
EUVDB-ID: #VU88554
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-32256
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to a boundary error when processing untrusted input in demangle_type in rust-demangle.c. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and perform a denial of service attack.
MitigationUpdate the affected package binutils to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
libctf0-debuginfo: before 2.41-9.53.1
libctf0: before 2.41-9.53.1
binutils: before 2.41-9.53.1
libctf-nobfd0: before 2.41-9.53.1
libctf-nobfd0-debuginfo: before 2.41-9.53.1
binutils-gold-debuginfo: before 2.41-9.53.1
binutils-devel: before 2.41-9.53.1
binutils-debugsource: before 2.41-9.53.1
binutils-gold: before 2.41-9.53.1
binutils-debuginfo: before 2.41-9.53.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_software_development_kit_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:a:suse:libctf0-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libctf0:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libctf-nobfd0:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libctf-nobfd0-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-gold-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-gold:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-debuginfo:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2023/suse-su-20233695-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Reachable Assertion
EUVDB-ID: #VU83858
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-35205
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion within the display_debug_names() function. A remote attacker can trick the victim to pass specially crafted input to the application and crash it.
Update the affected package binutils to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
libctf0-debuginfo: before 2.41-9.53.1
libctf0: before 2.41-9.53.1
binutils: before 2.41-9.53.1
libctf-nobfd0: before 2.41-9.53.1
libctf-nobfd0-debuginfo: before 2.41-9.53.1
binutils-gold-debuginfo: before 2.41-9.53.1
binutils-devel: before 2.41-9.53.1
binutils-debugsource: before 2.41-9.53.1
binutils-gold: before 2.41-9.53.1
binutils-debuginfo: before 2.41-9.53.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_software_development_kit_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:a:suse:libctf0-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libctf0:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libctf-nobfd0:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libctf-nobfd0-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-gold-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-gold:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-debuginfo:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2023/suse-su-20233695-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) NULL pointer dereference
EUVDB-ID: #VU85741
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-35206
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A local user can trigger denial of service conditions via function read_and_display_attr_value in file dwarf.c.
MitigationUpdate the affected package binutils to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
libctf0-debuginfo: before 2.41-9.53.1
libctf0: before 2.41-9.53.1
binutils: before 2.41-9.53.1
libctf-nobfd0: before 2.41-9.53.1
libctf-nobfd0-debuginfo: before 2.41-9.53.1
binutils-gold-debuginfo: before 2.41-9.53.1
binutils-devel: before 2.41-9.53.1
binutils-debugsource: before 2.41-9.53.1
binutils-gold: before 2.41-9.53.1
binutils-debuginfo: before 2.41-9.53.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_software_development_kit_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:a:suse:libctf0-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libctf0:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libctf-nobfd0:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libctf-nobfd0-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-gold-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-gold:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-debuginfo:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2023/suse-su-20233695-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) NULL pointer dereference
EUVDB-ID: #VU76453
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-4285
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error when parsing an ELF file containing corrupt symbol version information. A remote attacker can pass a specially crafted file to the application and perform a denial of service (DoS) attack.
MitigationUpdate the affected package binutils to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
libctf0-debuginfo: before 2.41-9.53.1
libctf0: before 2.41-9.53.1
binutils: before 2.41-9.53.1
libctf-nobfd0: before 2.41-9.53.1
libctf-nobfd0-debuginfo: before 2.41-9.53.1
binutils-gold-debuginfo: before 2.41-9.53.1
binutils-devel: before 2.41-9.53.1
binutils-debugsource: before 2.41-9.53.1
binutils-gold: before 2.41-9.53.1
binutils-debuginfo: before 2.41-9.53.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_software_development_kit_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:a:suse:libctf0-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libctf0:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libctf-nobfd0:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libctf-nobfd0-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-gold-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-gold:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-debuginfo:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2023/suse-su-20233695-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Heap-based buffer overflow
EUVDB-ID: #VU85404
Risk: Medium
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-44840
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the find_section_in_set() function in readelf.c. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package binutils to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
libctf0-debuginfo: before 2.41-9.53.1
libctf0: before 2.41-9.53.1
binutils: before 2.41-9.53.1
libctf-nobfd0: before 2.41-9.53.1
libctf-nobfd0-debuginfo: before 2.41-9.53.1
binutils-gold-debuginfo: before 2.41-9.53.1
binutils-devel: before 2.41-9.53.1
binutils-debugsource: before 2.41-9.53.1
binutils-gold: before 2.41-9.53.1
binutils-debuginfo: before 2.41-9.53.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_software_development_kit_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:a:suse:libctf0-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libctf0:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libctf-nobfd0:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libctf-nobfd0-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-gold-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-gold:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-debuginfo:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2023/suse-su-20233695-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Heap-based buffer overflow
EUVDB-ID: #VU85405
Risk: Medium
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-45703
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the display_debug_section() function in readelf.c. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package binutils to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
libctf0-debuginfo: before 2.41-9.53.1
libctf0: before 2.41-9.53.1
binutils: before 2.41-9.53.1
libctf-nobfd0: before 2.41-9.53.1
libctf-nobfd0-debuginfo: before 2.41-9.53.1
binutils-gold-debuginfo: before 2.41-9.53.1
binutils-devel: before 2.41-9.53.1
binutils-debugsource: before 2.41-9.53.1
binutils-gold: before 2.41-9.53.1
binutils-debuginfo: before 2.41-9.53.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_software_development_kit_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:a:suse:libctf0-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libctf0:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libctf-nobfd0:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libctf-nobfd0-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-gold-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-gold:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-debuginfo:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2023/suse-su-20233695-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Out-of-bounds read
EUVDB-ID: #VU87120
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-47673
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the parse_module() function in addr2line. A remote attacker can pass specially crafted input to the application, trigger an out-of-bounds read error and perform a denial of service (DoS) attack.
Update the affected package binutils to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
libctf0-debuginfo: before 2.41-9.53.1
libctf0: before 2.41-9.53.1
binutils: before 2.41-9.53.1
libctf-nobfd0: before 2.41-9.53.1
libctf-nobfd0-debuginfo: before 2.41-9.53.1
binutils-gold-debuginfo: before 2.41-9.53.1
binutils-devel: before 2.41-9.53.1
binutils-debugsource: before 2.41-9.53.1
binutils-gold: before 2.41-9.53.1
binutils-debuginfo: before 2.41-9.53.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_software_development_kit_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:a:suse:libctf0-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libctf0:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libctf-nobfd0:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libctf-nobfd0-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-gold-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-gold:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-debuginfo:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2023/suse-su-20233695-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Input validation error
EUVDB-ID: #VU86947
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-47695
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the bfd_mach_o_get_synthetic_symtab() function in match-o.c in objdump. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationUpdate the affected package binutils to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
libctf0-debuginfo: before 2.41-9.53.1
libctf0: before 2.41-9.53.1
binutils: before 2.41-9.53.1
libctf-nobfd0: before 2.41-9.53.1
libctf-nobfd0-debuginfo: before 2.41-9.53.1
binutils-gold-debuginfo: before 2.41-9.53.1
binutils-devel: before 2.41-9.53.1
binutils-debugsource: before 2.41-9.53.1
binutils-gold: before 2.41-9.53.1
binutils-debuginfo: before 2.41-9.53.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_software_development_kit_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:a:suse:libctf0-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libctf0:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libctf-nobfd0:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libctf-nobfd0-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-gold-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-gold:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-debuginfo:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2023/suse-su-20233695-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Input validation error
EUVDB-ID: #VU87119
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-47696
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the compare_symbols() function in objdump. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationUpdate the affected package binutils to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
libctf0-debuginfo: before 2.41-9.53.1
libctf0: before 2.41-9.53.1
binutils: before 2.41-9.53.1
libctf-nobfd0: before 2.41-9.53.1
libctf-nobfd0-debuginfo: before 2.41-9.53.1
binutils-gold-debuginfo: before 2.41-9.53.1
binutils-devel: before 2.41-9.53.1
binutils-debugsource: before 2.41-9.53.1
binutils-gold: before 2.41-9.53.1
binutils-debuginfo: before 2.41-9.53.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_software_development_kit_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:a:suse:libctf0-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libctf0:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libctf-nobfd0:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libctf-nobfd0-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-gold-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-gold:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-debuginfo:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2023/suse-su-20233695-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Resource exhaustion
EUVDB-ID: #VU83863
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48063
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources within the load_separate_debug_files() function in dwarf2.c. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationUpdate the affected package binutils to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
libctf0-debuginfo: before 2.41-9.53.1
libctf0: before 2.41-9.53.1
binutils: before 2.41-9.53.1
libctf-nobfd0: before 2.41-9.53.1
libctf-nobfd0-debuginfo: before 2.41-9.53.1
binutils-gold-debuginfo: before 2.41-9.53.1
binutils-devel: before 2.41-9.53.1
binutils-debugsource: before 2.41-9.53.1
binutils-gold: before 2.41-9.53.1
binutils-debuginfo: before 2.41-9.53.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_software_development_kit_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:a:suse:libctf0-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libctf0:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libctf-nobfd0:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libctf-nobfd0-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-gold-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-gold:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-debuginfo:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2023/suse-su-20233695-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Resource exhaustion
EUVDB-ID: #VU86948
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48064
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources within the bfd_dwarf2_find_nearest_line_with_alt() function in dwarf2.c. A remote attacker can trigger resource exhaustion via a crafted ELF file and perform a denial of service (DoS) attack.
MitigationUpdate the affected package binutils to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
libctf0-debuginfo: before 2.41-9.53.1
libctf0: before 2.41-9.53.1
binutils: before 2.41-9.53.1
libctf-nobfd0: before 2.41-9.53.1
libctf-nobfd0-debuginfo: before 2.41-9.53.1
binutils-gold-debuginfo: before 2.41-9.53.1
binutils-devel: before 2.41-9.53.1
binutils-debugsource: before 2.41-9.53.1
binutils-gold: before 2.41-9.53.1
binutils-debuginfo: before 2.41-9.53.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_software_development_kit_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:a:suse:libctf0-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libctf0:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libctf-nobfd0:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libctf-nobfd0-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-gold-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-gold:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-debuginfo:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2023/suse-su-20233695-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Memory leak
EUVDB-ID: #VU86946
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48065
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform DoS attack on the target system.
The vulnerability exists due memory leak within the find_abstract_instance() function in dwarf2.c. A remote attacker can force the application to leak memory and perform denial of service attack.
MitigationUpdate the affected package binutils to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
libctf0-debuginfo: before 2.41-9.53.1
libctf0: before 2.41-9.53.1
binutils: before 2.41-9.53.1
libctf-nobfd0: before 2.41-9.53.1
libctf-nobfd0-debuginfo: before 2.41-9.53.1
binutils-gold-debuginfo: before 2.41-9.53.1
binutils-devel: before 2.41-9.53.1
binutils-debugsource: before 2.41-9.53.1
binutils-gold: before 2.41-9.53.1
binutils-debuginfo: before 2.41-9.53.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_software_development_kit_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:a:suse:libctf0-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libctf0:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libctf-nobfd0:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libctf-nobfd0-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-gold-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-gold:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-debuginfo:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2023/suse-su-20233695-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Heap-based buffer overflow
EUVDB-ID: #VU76485
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-1579
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the bfd_getl64() function in binutils-gdb/bfd/libbfd.c. A remote attacker can pass specially crafted file to the application, trigger a heap-based buffer overflow and perform a denial of service (DoS) attack.
Update the affected package binutils to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
libctf0-debuginfo: before 2.41-9.53.1
libctf0: before 2.41-9.53.1
binutils: before 2.41-9.53.1
libctf-nobfd0: before 2.41-9.53.1
libctf-nobfd0-debuginfo: before 2.41-9.53.1
binutils-gold-debuginfo: before 2.41-9.53.1
binutils-devel: before 2.41-9.53.1
binutils-debugsource: before 2.41-9.53.1
binutils-gold: before 2.41-9.53.1
binutils-debuginfo: before 2.41-9.53.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_software_development_kit_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:a:suse:libctf0-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libctf0:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libctf-nobfd0:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libctf-nobfd0-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-gold-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-gold:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-debuginfo:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2023/suse-su-20233695-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Heap-based buffer overflow
EUVDB-ID: #VU76486
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-1972
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the _bfd_elf_slurp_version_tables() function in bfd/elf.c. A remote attacker can pass specially crafted file to the application, trigger a heap-based buffer overflow and perform a denial of service (DoS) attack.
MitigationUpdate the affected package binutils to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
libctf0-debuginfo: before 2.41-9.53.1
libctf0: before 2.41-9.53.1
binutils: before 2.41-9.53.1
libctf-nobfd0: before 2.41-9.53.1
libctf-nobfd0-debuginfo: before 2.41-9.53.1
binutils-gold-debuginfo: before 2.41-9.53.1
binutils-devel: before 2.41-9.53.1
binutils-debugsource: before 2.41-9.53.1
binutils-gold: before 2.41-9.53.1
binutils-debuginfo: before 2.41-9.53.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_software_development_kit_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:a:suse:libctf0-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libctf0:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libctf-nobfd0:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libctf-nobfd0-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-gold-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-gold:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-debuginfo:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2023/suse-su-20233695-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Use of uninitialized resource
EUVDB-ID: #VU92168
Risk: Medium
CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-25585
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to bypass certain security restrictions.
The vulnerability exists due to usage of uninitialized field in the struct module *module. A local user can trick the victim into opening specially crafted data, leading to an application crash and local denial of service.
MitigationUpdate the affected package binutils to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
libctf0-debuginfo: before 2.41-9.53.1
libctf0: before 2.41-9.53.1
binutils: before 2.41-9.53.1
libctf-nobfd0: before 2.41-9.53.1
libctf-nobfd0-debuginfo: before 2.41-9.53.1
binutils-gold-debuginfo: before 2.41-9.53.1
binutils-devel: before 2.41-9.53.1
binutils-debugsource: before 2.41-9.53.1
binutils-gold: before 2.41-9.53.1
binutils-debuginfo: before 2.41-9.53.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_software_development_kit_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:a:suse:libctf0-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libctf0:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libctf-nobfd0:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libctf-nobfd0-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-gold-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-gold:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-debuginfo:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2023/suse-su-20233695-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Use of uninitialized resource
EUVDB-ID: #VU92166
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-25588
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service attack.
The vulnerability exists due to field `the_bfd` of `asymbol`struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function. A local user can trick the victim into opening specially crafted data, leading to an application crash and local denial of service.
MitigationUpdate the affected package binutils to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
libctf0-debuginfo: before 2.41-9.53.1
libctf0: before 2.41-9.53.1
binutils: before 2.41-9.53.1
libctf-nobfd0: before 2.41-9.53.1
libctf-nobfd0-debuginfo: before 2.41-9.53.1
binutils-gold-debuginfo: before 2.41-9.53.1
binutils-devel: before 2.41-9.53.1
binutils-debugsource: before 2.41-9.53.1
binutils-gold: before 2.41-9.53.1
binutils-debuginfo: before 2.41-9.53.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_software_development_kit_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:a:suse:libctf0-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libctf0:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libctf-nobfd0:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libctf-nobfd0-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-gold-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-gold:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:binutils-debuginfo:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2023/suse-su-20233695-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
