ALT-PU-2022-2326-1

Package update binutils in branch icarus

Version2.38-alt1

Published2022-08-02

Max severityHIGH

Severity:

Closed issues (2)

HIGH7.5

Уязвимость функции stab_xcoff_builtin_type (stabs.c) набора инструментального программного обеспечения GNU Binary Utilities, связанная с записью за границами буфера, позволяющая нарушителю выполнить произвольный код

Published: 2022-02-04Modified: 2025-10-14

CVSS 3.xHIGH 7.5

CVSS:3.x/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0HIGH 7.6

CVSS:2.0/AV:N/AC:H/Au:N/C:C/I:C/A:C

References

CVE-2021-45078

HIGH7.8

stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699.

Published: 2021-12-15Modified: 2024-11-21

CVSS 2.0MEDIUM 6.8

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS 3.xHIGH 7.8

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References