Heap Buffer Overflow in Binutils Readelf Affects Sourceware
CVE-2022-44840

7.8HIGH

Key Information:

Vendor: Gnu
Status: Binutils
Vendor: CVE Published:; 22 August 2023

What is CVE-2022-44840?

A heap buffer overflow vulnerability exists in Binutils Readelf prior to version 2.40. This issue arises from the function find_section_in_set in readelf.c, which may allow an attacker to exploit memory corruption. Proper handling of dynamic memory allocation is crucial to prevent potential impacts on system integrity and security. Implementing updates and patches is essential to mitigate this risk.

References

https://sourceware.org/bugzilla/show_bug.cgi?id=29732

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 22, 2023
Vulnerability Reserved
Nov 7, 2022

Gnu

What is CVE-2022-44840?

References

CVSS V3.1

Timeline