Heap-Based Buffer Overflow in Binutils-GDB Product by GNU
CVE-2023-1579
7.8 HIGH
Summary
A vulnerability has been identified in the Binutils-GDB package, specifically within the bfd_getl64 function in the libbfd.c file. The flaw can lead to a heap-based buffer overflow, potentially allowing arbitrary code execution or a denial of service. It is critical for users of affected versions to patch their systems to mitigate potential exploitation of this vulnerability. Consult the referenced advisories for further guidance on preventative measures.
Affected Version(s)
binutils unknown
References
CVSS V3.1
Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved