5.5

CVE-2023-25586

Exploit

Local variable `ch_type` in function `bfd_init_section_decompress_status` can be uninitialized

A flaw was found in Binutils. A logic fail in the bfd_init_section_decompress_status function may lead to the use of an uninitialized variable that can cause a crash and local denial of service.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GnuBinutils Version2.40
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.35% 0.263
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
secalert@redhat.com 4.7 1 3.6
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE-457 Use of Uninitialized Variable

The code uses a variable that has not been initialized, leading to unpredictable or unintended results.

CWE-908 Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

https://security.netapp.com/advisory/ntap-20231103-0003/
https://access.redhat.com/security/cve/CVE-2023-25586
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2167502
Patch
Exploit
Issue Tracking
https://sourceware.org/bugzilla/show_bug.cgi?id=29855
Patch
Exploit
Issue Tracking
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5830876a0cca17bef3b2d54908928e72cca53502
Patch
Mailing List