binutils 安全漏洞 (CVE-2022-48064)

admin

0
文章

0
评论

2023-11-29 21:18:49 Ali_nvd 来源：ZONE.CI 全球网 0 阅读模式

中危 binutils 安全漏洞 (CVE-2022-48064)

CVE编号

CVE-2022-48064

利用情况

暂无

补丁情况

官方补丁

披露时间

2023-08-23

漏洞描述

GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.

解决建议

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://security.netapp.com/advisory/ntap-20231006-0008/
https://sourceware.org/bugzilla/show_bug.cgi?id=29922
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=8f2c64de86bc3d75...

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	应用	gnu	binutils	*		Up to (excluding) 2.40
	运行在以下环境
	系统	amazon_2023	binutils	*		Up to (excluding) 2.39-6.amzn2023.0.9
	运行在以下环境
	系统	debian_10	binutils	*		Up to (including) 2.31.1-16
	运行在以下环境
	系统	debian_11	binutils	*		Up to (including) 2.35.2-2
	运行在以下环境
	系统	debian_12	binutils	*		Up to (excluding) 2.40-2
	运行在以下环境
	系统	debian_sid	binutils	*		Up to (excluding) 2.40-2
	运行在以下环境
	系统	fedora_37	gdb-gdbserver	*		Up to (excluding) 13.2-3.fc37
	运行在以下环境
	系统	fedora_38	gdb-gdbserver	*		Up to (excluding) 13.2-5.fc38
	运行在以下环境
	系统	fedora_39	gdb-gdbserver	*		Up to (excluding) 13.2-10.fc39
	运行在以下环境
	系统	suse_12_SP5	binutils-devel	*		Up to (excluding) 2.41-9.53.1
	运行在以下环境
	系统	unionos_e	binutils	*		Up to (excluding) binutils-2.34-27.up1.uel20