Bug 2233963 (CVE-2022-48065) - CVE-2022-48065 binutils: memory leak in find_abstract_instance() in dwarf2.c
Summary: CVE-2022-48065 binutils: memory leak in find_abstract_instance() in dwarf2.c
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2022-48065
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2233964 2233965 2233966 2234120 2234121 2234122 2234123 2234124 2234125 2234126 2234127 2234128 2234129 2234130 2234131 2234132 2234133 2234134
Blocks: 2233947
 
Reported: 2023-08-23 19:59 UTC by Guilherme de Almeida Suckevicz
Modified: 2024-02-16 08:54 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2023-11-09 09:15:59 UTC
Embargoed:



Description Guilherme de Almeida Suckevicz 2023-08-23 19:59:47 UTC
GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability via the function find_abstract_instance in dwarf2.c.

References:
https://sourceware.org/bugzilla/show_bug.cgi?id=29925
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d28fbc7197ba0e021a43f873eff90b05dcdcff6a

Comment 1 Guilherme de Almeida Suckevicz 2023-08-23 20:01:42 UTC
Created binutils tracking bugs for this issue:

Affects: fedora-all [bug 2233964]


Created gdb tracking bugs for this issue:

Affects: fedora-all [bug 2233965]


Created mingw-binutils tracking bugs for this issue:

Affects: fedora-all [bug 2233966]

Comment 4 Nick Clifton 2023-08-24 11:58:17 UTC
(In reply to Guilherme de Almeida Suckevicz from comment #0)
> GNU Binutils before 2.40 was discovered to contain a memory leak
> vulnerability via the function find_abstract_instance in dwarf2.c.

The SECURITY.txt file found in the upstream GNU Binutils sources makes it clear that bugs in inspection tools like nm are not considered to be security issues, and hence do not qualify for CVE treatment.

