CVE-2022-4285

MEDIUM

binutils 2.35-2.39-6 - Denial of Service via Corrupt ELF Symbol Version Parsing

Title source: llm

Description

An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.

References (4)

Core 4

Core References

Patch

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=5c831a3c7f3ca98d6aba1200353311e1a1f84c70

Exploit, Issue Tracking, Patch, Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2150768

Exploit, Issue Tracking, Patch, Vendor Advisory

https://sourceware.org/bugzilla/show_bug.cgi?id=29699

Third Party Advisory vendor-advisory

https://security.gentoo.org/glsa/202309-15

Scores

CVSS v3 5.5

EPSS 0.0006

EPSS Percentile 17.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-476

Status published

Products (6)

fedoraproject/fedora 37

gnu/binutils 2.35 - 2.39-7

redhat/enterprise_linux 6.0

redhat/enterprise_linux 7.0

redhat/enterprise_linux 8.0

redhat/enterprise_linux 9.0

Published Jan 27, 2023

Tracked Since Feb 18, 2026