Assertion Failure in Binutils Readelf - Denial of Service Vulnerability
CVE-2022-35205

5.5 MEDIUM

Key Information:

Vendor: Gnu
Status: Vendor
CVE Published: 22 August 2023

Summary

An assertion failure can be triggered in the display_debug_names function of the Binutils readelf utility. An attacker can exploit this in the affected version to cause a denial of service: readelf behaves unexpectedly or crashes, impacting system stability and availability. Users of the affected product are advised to implement mitigations and update to fixed versions as necessary.

CVSS V3.1

Score: 5.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
