CVE-2022-48065 : GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability v

GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability var the function find_abstract_instance in dwarf2.c.

Published 2023-08-22 19:16:31

Updated 2023-11-15 02:36:07

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2022-48065

GNU » Binutils
Versions before (<) 2.40
cpe:2.3:a:gnu:binutils:*:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 38
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 39
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
Matching versions
Netapp » Ontap Select Deploy Administration Utility » Version: N/A
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2022-48065

EPSS FAQ

0.02%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 4 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-48065

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H	1.8	3.6	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2022-48065

CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2022-48065

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=d28fbc7197ba0e021a43f873eff90b05dcdcff6a

sourceware.org Git
Broken Link
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KGSKF4GH7425S6XFDQMWTJGD5U47BAZN/

[SECURITY] Fedora 39 Update: gdb-13.2-10.fc39 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLZXZXFX2ZWTDU2QZUSZG36LZZVTKUVG/

[SECURITY] Fedora 38 Update: gdb-13.2-6.fc38 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLZXZXFX2ZWTDU2QZUSZG36LZZVTKUVG/

[SECURITY] Fedora 38 Update: gdb-13.2-6.fc38 - package-announce - Fedora Mailing-Lists
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d28fbc7197ba0e021a43f873eff90b05dcdcff6a

sourceware.org Git - binutils-gdb.git/commit
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KGSKF4GH7425S6XFDQMWTJGD5U47BAZN/

[SECURITY] Fedora 39 Update: gdb-13.2-10.fc39 - package-announce - Fedora Mailing-Lists

CVEs referencing this url
https://sourceware.org/bugzilla/show_bug.cgi?id=29925

29925 – Memory leak in find_abstract_instance
Exploit;Issue Tracking;Vendor Advisory
https://security.netapp.com/advisory/ntap-20231006-0008/

August 2023 GNU Binutils Vulnerabilities in NetApp Products | NetApp Product Security
Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2022-48065

Products affected by CVE-2022-48065

Exploit prediction scoring system (EPSS) score for CVE-2022-48065

CVSS scores for CVE-2022-48065

CWE ids for CVE-2022-48065

References for CVE-2022-48065