Bug 2233984 (CVE-2022-47008)

Summary: CVE-2022-47008 binutils: memory leak in make_tempdir() and make_tempname() in bucomm.c
Product: [Other] Security Response Reporter: Guilherme de Almeida Suckevicz <gsuckevi>
Component: vulnerabilityAssignee: Product Security <prodsec-ir-bot>
Status: NEW --- QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: acrosby, adibrahi, ailan, bdettelb, caswilli, desktop-qa-list, fjansen, fweimer, gdb-bugs, hkataria, jburrell, jmitchel, jsamir, jsherril, jtanner, kaycoth, keiths, kshier, mcermak, mpolacek, mprchlik, nickc, ohudlick, psegedy, rjones, sipoyare, sthirugn, virt-maint, vkrizan
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
A memory leak was found in binutils in the make_tempdir and make_tempname functions. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 2233985, 2233986, 2233987, 2234180, 2234181, 2234182, 2234183, 2234184, 2234185, 2234186, 2234187, 2234188, 2234189, 2234190, 2234191, 2234192, 2234193, 2234194    
Bug Blocks: 2233947    

Description Guilherme de Almeida Suckevicz 2023-08-23 20:23:01 UTC
An issue was discovered function make_tempdir, and make_tempname in bucomm.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.


Comment 1 Guilherme de Almeida Suckevicz 2023-08-23 20:24:34 UTC
Created binutils tracking bugs for this issue:

Affects: fedora-all [bug 2233985]

Created gdb tracking bugs for this issue:

Affects: fedora-all [bug 2233986]

Created mingw-binutils tracking bugs for this issue:

Affects: fedora-all [bug 2233987]