A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the affected component.
Se encontró una vulnerabilidad en GNU Binutils hasta la versión 2.44. Se ha clasificado como crítica. Este problema afecta a la función elf_gc_sweep del archivo bfd/elflink.c del componente ld. La manipulación provoca corrupción de memoria. Un ataque debe abordarse localmente. Se ha hecho público el exploit y puede que sea utilizado. Actualizar a la versión 2.45 puede solucionar este problema. Se recomienda actualizar el componente afectado.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
| Attack Vector | LOCAL |
|---|---|
| Attack Complexity | LOW |
| Privileges Required | LOW |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | HIGH |
| Availability Impact | HIGH |
AV:L/AC:L/Au:S/C:P/I:P/A:P
| Access Vector | LOCAL |
|---|---|
| Access Complexity | LOW |
| Authentication | SINGLE |
| Confidentiality Impact | PARTIAL |
| Integrity Impact | PARTIAL |
| Availability Impact | PARTIAL |
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
| Attack Vector | LOCAL |
|---|---|
| Attack Complexity | LOW |
| Attack Requirements | NONE |
| Privileges Required | LOW |
| User Interaction | NONE |
| Vulnerability Confidentiality | LOW |
| Vulnerability Integrity | LOW |
| Vulnerability Availability | LOW |
| Subsequent Confidentiality | NONE |
| Subsequent Integrity | NONE |
| Subsequent Availability | NONE |
Source: [email protected]
Type: Secondary
| Source | Type | Description |
|---|---|---|
| [email protected] | Secondary |
en
CWE-119
|
| Vendor | Product | Version | Update | Type |
|---|---|---|---|---|
| gnu | binutils | * | <built-in method update of dict object at 0x702bde5351c0> | Application |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:gnu:binutils:*:*:*:*:*:*:*:* |