Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-48063

GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function load_separate_debug_files at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.

Published

2023-08-22T19:16:30.867

Last Modified

2024-11-21T07:32:45.640

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.5 (MEDIUM)

Weaknesses

Type: Primary
CWE-400

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	gnu	binutils	< 2.40	Yes

References

https://security.netapp.com/advisory/ntap-20231006-0008/ ([email protected])
https://sourceware.org/bugzilla/show_bug.cgi?id=29924 Exploit, Issue Tracking, Third Party Advisory ([email protected])
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=75393a2d54bcc40053e5262a3de9d70c5ebfbbfd ([email protected])
https://security.netapp.com/advisory/ntap-20231006-0008/ (af854a3a-2127-422b-91ae-364da2661108)
https://sourceware.org/bugzilla/show_bug.cgi?id=29924 Exploit, Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=75393a2d54bcc40053e5262a3de9d70c5ebfbbfd (af854a3a-2127-422b-91ae-364da2661108)