5.5

CVE-2023-25588

Exploit

Field `the_bfd` of `asymbol` is uninitialized in function `bfd_mach_o_get_synthetic_symtab`

A flaw was found in Binutils. The field `the_bfd` of `asymbol`struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of service.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GnuBinutils Version2.40
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.38% 0.3
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
secalert@redhat.com 4.7 1 3.6
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE-457 Use of Uninitialized Variable

The code uses a variable that has not been initialized, leading to unpredictable or unintended results.

CWE-908 Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

https://sourceware.org/bugzilla/show_bug.cgi?id=29677
Patch
Exploit
Issue Tracking
https://security.netapp.com/advisory/ntap-20231103-0003/
https://access.redhat.com/security/cve/CVE-2023-25588
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2167505
Patch
Exploit
Issue Tracking
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d12f8998d2d086f0a6606589e5aedb7147e6f2f1
Patch
Mailing List