#VU86947 Input validation error in Binutils - CVE-2022-47695


Vulnerability identifier: #VU86947

Vulnerability risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-47695

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Binutils
Universal components / Libraries / Libraries used by multiple products

Vendor: GNU

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the bfd_mach_o_get_synthetic_symtab() function in match-o.c in objdump. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Binutils: 2.7 - 2.39

External links
https://sourceware.org/bugzilla/show_bug.cgi?id=29846

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Amazon Linux AMI update for binutils
Multiple vulnerabilities in Dell RecoverPoint for Virtual Machines
Multiple vulnerabilities in Dell ObjectScale
Multiple vulnerabilities in Dell EMC VxRail Appliance
Multiple vulnerabilities in IBM Sterling Order Management
Ubuntu update for binutils
Multiple vulnerabilities in GNU Binutils
SUSE update for binutils
SUSE update for binutils
Ubuntu update for binutils