Bug 2234027 (CVE-2022-47695)
Summary: | CVE-2022-47695 binutils: uninitialized field in bfd_mach_o_get_synthetic_symtab() in match-o.c | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Guilherme de Almeida Suckevicz <gsuckevi> |
Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
Status: | CLOSED NOTABUG | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | acrosby, ailan, bdettelb, caswilli, desktop-qa-list, fjansen, fweimer, gdb-bugs, hkataria, jburrell, jmitchel, jsamir, jsherril, jtanner, kaycoth, keiths, kshier, mcermak, mpolacek, mprchlik, nickc, ohudlick, psegedy, rjones, sipoyare, sthirugn, tsasak, virt-maint, vkrizan |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | No Doc Update | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2023-11-09 09:18:58 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 2234031, 2234032, 2234033, 2234300, 2234301, 2234302, 2234303, 2234304, 2234305, 2234306, 2234307, 2234308, 2234309, 2234310, 2234311, 2234312, 2234313, 2234314 | ||
Bug Blocks: | 2233947 |
Description
Guilherme de Almeida Suckevicz
2023-08-23 22:16:26 UTC
According to the description of this CVE in Mitre[1], the reference of this issue is this bug[2], however this bug seems related to CVE-2022-47696[3]. [1]. https://www.cve.org/CVERecord?id=CVE-2022-47695 [2]. https://sourceware.org/bugzilla/show_bug.cgi?id=29846 [3]. https://bugzilla.redhat.com/show_bug.cgi?id=2234029 Created binutils tracking bugs for this issue: Affects: fedora-all [bug 2234031] Created gdb tracking bugs for this issue: Affects: fedora-all [bug 2234032] Created mingw-binutils tracking bugs for this issue: Affects: fedora-all [bug 2234033] (In reply to Guilherme de Almeida Suckevicz from comment #0) > An issue was discovered Binutils objdump before 2.39.3 allows attackers to > cause a denial of service or other unspecified impacts via function > bfd_mach_o_get_synthetic_symtab in match-o.c. The SECURITY.txt file found in the upstream GNU Binutils sources makes it clear that bug in inspection tools like objdump are not considered to be security issues, and hence do not qualify for CVE treatment. |