CVE-2022-4285

Sažetak

An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.

Reference

https://bugzilla.redhat.com/show_bug.cgi?id=2150768
https://security.gentoo.org/glsa/202309-15
https://sourceware.org/bugzilla/show_bug.cgi?id=29699
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=5c831a3c7f3ca98d6aba1200353311e1a1f84c70
https://bugzilla.redhat.com/show_bug.cgi?id=2150768
https://security.gentoo.org/glsa/202309-15
https://sourceware.org/bugzilla/show_bug.cgi?id=29699
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=5c831a3c7f3ca98d6aba1200353311e1a1f84c70

CVSS

Base:	5.5
Impact:	3.6
Exploitability:	1.8

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	HIGH

CVSS vektor

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Zadnje važnije ažuriranje

28-03-2025 - 16:15

Objavljeno

27-01-2023 - 18:15