Search

Find a vulnerability

Search criteria

    10 vulnerabilities found for Extra Packages for Enterprise Linux 7 by Fedora

    CVE-2023-25588 (GCVE-0-2023-25588)

    Vulnerability from nvd – Published: 2023-09-14 20:47 – Updated: 2025-02-13 16:44
    VLAI
    Title
    Field `the_bfd` of `asymbol` is uninitialized in function `bfd_mach_o_get_synthetic_symtab`
    Summary
    A flaw was found in Binutils. The field `the_bfd` of `asymbol`struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of service.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-457 - Use of Uninitialized Variable
    Assigner
    Date Public
    2022-12-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T11:25:19.353Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-25588"
              },
              {
                "name": "RHBZ#2167505",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167505"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=29677"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d12f8998d2d086f0a6606589e5aedb7147e6f2f1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20231103-0003/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-25588",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-25T18:22:06.630431Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-25T18:22:15.590Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "binutils",
              "vendor": "n/a"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "affected",
              "packageName": "binutils",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "affected",
              "packageName": "binutils",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "binutils",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "gcc-toolset-11-binutils",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "gcc-toolset-12-binutils",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "binutils",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "gcc-toolset-12-binutils",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "binutils",
              "product": "Fedora 37",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "radare2",
              "product": "Extra Packages for Enterprise Linux 8",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "binutils",
              "product": "Fedora 36",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "radare2",
              "product": "Extra Packages for Enterprise Linux 7",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "radare2",
              "product": "Fedora 36",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "binutils",
              "product": "Fedora",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "mingw-binutils",
              "product": "Fedora 37",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "radare2",
              "product": "Fedora 37",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "insight",
              "product": "Fedora 37",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "insight",
              "product": "Fedora 36",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "mingw-binutils",
              "product": "Fedora 36",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "rizin",
              "product": "Extra Packages for Enterprise Linux 8",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "rizin",
              "product": "Fedora 36",
              "vendor": "Fedora"
            }
          ],
          "datePublic": "2022-12-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Binutils. The field `the_bfd` of `asymbol`struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of service."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Low"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-457",
                  "description": "Use of Uninitialized Variable",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-04T05:07:12.363Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-25588"
            },
            {
              "name": "RHBZ#2167505",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167505"
            },
            {
              "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=29677"
            },
            {
              "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d12f8998d2d086f0a6606589e5aedb7147e6f2f1"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20231103-0003/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-01-12T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2022-12-12T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Field `the_bfd` of `asymbol` is uninitialized in function `bfd_mach_o_get_synthetic_symtab`",
          "x_redhatCweChain": "CWE-457: Use of Uninitialized Variable"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-25588",
        "datePublished": "2023-09-14T20:47:16.974Z",
        "dateReserved": "2023-02-07T19:03:20.221Z",
        "dateUpdated": "2025-02-13T16:44:33.622Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-25586 (GCVE-0-2023-25586)

    Vulnerability from nvd – Published: 2023-09-14 20:49 – Updated: 2025-02-13 16:44
    VLAI
    Title
    Local variable `ch_type` in function `bfd_init_section_decompress_status` can be uninitialized
    Summary
    A flaw was found in Binutils. A logic fail in the bfd_init_section_decompress_status function may lead to the use of an uninitialized variable that can cause a crash and local denial of service.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-457 - Use of Uninitialized Variable
    Assigner
    Date Public
    2022-12-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T11:25:19.230Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-25586"
              },
              {
                "name": "RHBZ#2167502",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167502"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=29855"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5830876a0cca17bef3b2d54908928e72cca53502"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20231103-0003/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-25586",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-25T18:21:11.697914Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-25T18:21:19.562Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "binutils",
              "vendor": "n/a"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "binutils",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "binutils",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "gdb",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "binutils",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "gcc-toolset-11-binutils",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "gcc-toolset-11-gdb",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "gcc-toolset-12-binutils",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "gcc-toolset-12-gdb",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "gdb",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "binutils",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "gcc-toolset-12-binutils",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "gcc-toolset-12-gdb",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "gdb",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "gdb",
              "product": "Fedora 36",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "mingw-binutils",
              "product": "Fedora 36",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "radare2",
              "product": "Fedora 36",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "radare2",
              "product": "Fedora 37",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "radare2",
              "product": "Extra Packages for Enterprise Linux 7",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "binutils",
              "product": "Fedora",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "insight",
              "product": "Fedora 37",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "binutils",
              "product": "Fedora 37",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "mingw-binutils",
              "product": "Fedora 37",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "insight",
              "product": "Fedora 36",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "binutils",
              "product": "Fedora 36",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "radare2",
              "product": "Extra Packages for Enterprise Linux 8",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "rizin",
              "product": "Extra Packages for Enterprise Linux 8",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "rizin",
              "product": "Fedora 36",
              "vendor": "Fedora"
            }
          ],
          "datePublic": "2022-12-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Binutils. A logic fail in the bfd_init_section_decompress_status function may lead to the use of an uninitialized variable that can cause a crash and local denial of service."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Low"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-457",
                  "description": "Use of Uninitialized Variable",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-04T05:07:13.976Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-25586"
            },
            {
              "name": "RHBZ#2167502",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167502"
            },
            {
              "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=29855"
            },
            {
              "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5830876a0cca17bef3b2d54908928e72cca53502"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20231103-0003/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-01-12T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2022-12-12T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Local variable `ch_type` in function `bfd_init_section_decompress_status` can be uninitialized",
          "x_redhatCweChain": "CWE-457: Use of Uninitialized Variable"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-25586",
        "datePublished": "2023-09-14T20:49:15.468Z",
        "dateReserved": "2023-02-07T19:03:20.221Z",
        "dateUpdated": "2025-02-13T16:44:33.064Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-25585 (GCVE-0-2023-25585)

    Vulnerability from nvd – Published: 2023-09-14 20:50 – Updated: 2025-02-13 16:44
    VLAI
    Title
    Field `file_table` of `struct module *module` is uninitialized
    Summary
    A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-457 - Use of Uninitialized Variable
    Assigner
    Date Public
    2022-12-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T11:25:19.297Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-25585"
              },
              {
                "name": "RHBZ#2167498",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167498"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=29892"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=65cf035b8dc1df5d8020e0b1449514a3c42933e7"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20231103-0003/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-25585",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-25T18:20:22.619522Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-25T18:20:31.908Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "binutils",
              "vendor": "n/a"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "affected",
              "packageName": "binutils",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "affected",
              "packageName": "binutils",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "binutils",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "gcc-toolset-11-binutils",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "gcc-toolset-12-binutils",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "binutils",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "gcc-toolset-12-binutils",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "radare2",
              "product": "Fedora 37",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "mingw-binutils",
              "product": "Fedora 37",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "insight",
              "product": "Fedora 36",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "binutils",
              "product": "Fedora 37",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "mingw-binutils",
              "product": "Fedora 36",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "radare2",
              "product": "Extra Packages for Enterprise Linux 8",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "insight",
              "product": "Fedora 37",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "radare2",
              "product": "Extra Packages for Enterprise Linux 7",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "rizin",
              "product": "Extra Packages for Enterprise Linux 8",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "rizin",
              "product": "Fedora 36",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "binutils",
              "product": "Fedora",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "binutils",
              "product": "Fedora 36",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "radare2",
              "product": "Fedora 36",
              "vendor": "Fedora"
            }
          ],
          "datePublic": "2022-12-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Low"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-457",
                  "description": "Use of Uninitialized Variable",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-04T05:07:10.765Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-25585"
            },
            {
              "name": "RHBZ#2167498",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167498"
            },
            {
              "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=29892"
            },
            {
              "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=65cf035b8dc1df5d8020e0b1449514a3c42933e7"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20231103-0003/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-01-12T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2022-12-12T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Field `file_table` of `struct module *module` is uninitialized",
          "x_redhatCweChain": "CWE-457: Use of Uninitialized Variable"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-25585",
        "datePublished": "2023-09-14T20:50:09.526Z",
        "dateReserved": "2023-02-07T19:03:20.221Z",
        "dateUpdated": "2025-02-13T16:44:32.455Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-25584 (GCVE-0-2023-25584)

    Vulnerability from nvd – Published: 2023-09-14 20:50 – Updated: 2025-02-13 16:44
    VLAI
    Title
    Out of bounds read in parse_module function in bfd/vms-alpha.c
    Summary
    An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Date Public
    2022-12-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T11:25:19.308Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-25584"
              },
              {
                "name": "RHBZ#2167467",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167467"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=77c225bdeb410cf60da804879ad41622f5f1aa44"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20231103-0002/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-25584",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-23T19:33:44.565202Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-03T14:47:06.335Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "binutils",
              "vendor": "n/a"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "affected",
              "packageName": "binutils",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "affected",
              "packageName": "binutils",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "binutils",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "gcc-toolset-11-binutils",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "gcc-toolset-11-gdb",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "gcc-toolset-12-binutils",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "gcc-toolset-12-gdb",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "binutils",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "gcc-toolset-12-binutils",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "gcc-toolset-12-gdb",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "radare2",
              "product": "Extra Packages for Enterprise Linux 8",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "binutils",
              "product": "Fedora 37",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "radare2",
              "product": "Fedora 36",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "binutils",
              "product": "Fedora",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "radare2",
              "product": "Extra Packages for Enterprise Linux 7",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "mingw-binutils",
              "product": "Fedora 37",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "radare2",
              "product": "Fedora 37",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "insight",
              "product": "Fedora 36",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "rizin",
              "product": "Extra Packages for Enterprise Linux 8",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "binutils",
              "product": "Fedora 36",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "rizin",
              "product": "Fedora 36",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "mingw-binutils",
              "product": "Fedora 36",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "insight",
              "product": "Fedora 37",
              "vendor": "Fedora"
            }
          ],
          "datePublic": "2022-12-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Low"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-04T05:07:06.103Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-25584"
            },
            {
              "name": "RHBZ#2167467",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167467"
            },
            {
              "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=77c225bdeb410cf60da804879ad41622f5f1aa44"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20231103-0002/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-01-12T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2022-12-12T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Out of bounds read in parse_module function in bfd/vms-alpha.c",
          "x_redhatCweChain": "CWE-125: Out-of-bounds Read"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-25584",
        "datePublished": "2023-09-14T20:50:58.267Z",
        "dateReserved": "2023-02-07T19:03:20.220Z",
        "dateUpdated": "2025-02-13T16:44:31.939Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3603 (GCVE-0-2023-3603)

    Vulnerability from nvd – Published: 2023-07-21 19:09 – Updated: 2024-09-26 20:04
    VLAI
    Title
    Processing sftp server read may cause null dereference
    Summary
    A missing allocation check in sftp server processing read requests may cause a NULL dereference on low-memory conditions. The malicious client can request up to 4GB SFTP reads, causing allocation of up to 4GB buffers, which was not being checked for failure. This will likely crash the authenticated user's sftp server connection (if implemented as forking as recommended). For thread-based servers, this might also cause DoS for legitimate users. Given this code is not in any released versions, no security releases have been issued.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2023-3603 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2221791 issue-trackingx_refsource_REDHAT
    Date Public
    2023-07-10 00:00
    Credits
    Upstream acknowledges Wei Chong Tan as the original reporter.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:01:56.718Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-3603"
              },
              {
                "name": "RHBZ#2221791",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2221791"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3603",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-26T20:04:28.247195Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-26T20:04:43.251Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "libssh",
              "vendor": "n/a"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "libssh",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "libssh",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "libssh",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "libssh",
              "product": "Extra Packages for Enterprise Linux 7",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "libssh",
              "product": "Fedora",
              "vendor": "Fedora"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Upstream acknowledges Wei Chong Tan as the original reporter."
            }
          ],
          "datePublic": "2023-07-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A missing allocation check in sftp server processing read requests may cause a NULL dereference on low-memory conditions. The malicious client can request up to 4GB SFTP reads, causing allocation of up to 4GB buffers, which was not being checked for failure. This will likely crash the authenticated user\u0027s sftp server connection (if implemented as forking as recommended). For thread-based servers, this might also cause DoS for legitimate users.\r\n\r\nGiven this code is not in any released versions, no security releases have been issued."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Low"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 3.1,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-23T00:58:36.996Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-3603"
            },
            {
              "name": "RHBZ#2221791",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2221791"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-07-10T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2023-07-10T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Processing sftp server read may cause null dereference",
          "workarounds": [
            {
              "lang": "en",
              "value": "The SFTP server implementation is based on callbacks so you can rewrite the sftp_channel_default_data_callback() to provide additional checks.\n\n[1] https://gitlab.com/libssh/libssh-mirror/-/blob/master/examples/sample_sftpserver.c#L330"
            }
          ],
          "x_redhatCweChain": "CWE-476: NULL Pointer Dereference"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-3603",
        "datePublished": "2023-07-21T19:09:44.083Z",
        "dateReserved": "2023-07-10T18:21:21.431Z",
        "dateUpdated": "2024-09-26T20:04:43.251Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-25584 (GCVE-0-2023-25584)

    Vulnerability from cvelistv5 – Published: 2023-09-14 20:50 – Updated: 2025-02-13 16:44
    VLAI
    Title
    Out of bounds read in parse_module function in bfd/vms-alpha.c
    Summary
    An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Date Public
    2022-12-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T11:25:19.308Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-25584"
              },
              {
                "name": "RHBZ#2167467",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167467"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=77c225bdeb410cf60da804879ad41622f5f1aa44"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20231103-0002/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-25584",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-23T19:33:44.565202Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-03T14:47:06.335Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "binutils",
              "vendor": "n/a"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "affected",
              "packageName": "binutils",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "affected",
              "packageName": "binutils",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "binutils",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "gcc-toolset-11-binutils",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "gcc-toolset-11-gdb",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "gcc-toolset-12-binutils",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "gcc-toolset-12-gdb",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "binutils",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "gcc-toolset-12-binutils",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "gcc-toolset-12-gdb",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "radare2",
              "product": "Extra Packages for Enterprise Linux 8",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "binutils",
              "product": "Fedora 37",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "radare2",
              "product": "Fedora 36",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "binutils",
              "product": "Fedora",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "radare2",
              "product": "Extra Packages for Enterprise Linux 7",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "mingw-binutils",
              "product": "Fedora 37",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "radare2",
              "product": "Fedora 37",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "insight",
              "product": "Fedora 36",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "rizin",
              "product": "Extra Packages for Enterprise Linux 8",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "binutils",
              "product": "Fedora 36",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "rizin",
              "product": "Fedora 36",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "mingw-binutils",
              "product": "Fedora 36",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "insight",
              "product": "Fedora 37",
              "vendor": "Fedora"
            }
          ],
          "datePublic": "2022-12-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Low"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-04T05:07:06.103Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-25584"
            },
            {
              "name": "RHBZ#2167467",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167467"
            },
            {
              "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=77c225bdeb410cf60da804879ad41622f5f1aa44"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20231103-0002/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-01-12T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2022-12-12T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Out of bounds read in parse_module function in bfd/vms-alpha.c",
          "x_redhatCweChain": "CWE-125: Out-of-bounds Read"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-25584",
        "datePublished": "2023-09-14T20:50:58.267Z",
        "dateReserved": "2023-02-07T19:03:20.220Z",
        "dateUpdated": "2025-02-13T16:44:31.939Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-25585 (GCVE-0-2023-25585)

    Vulnerability from cvelistv5 – Published: 2023-09-14 20:50 – Updated: 2025-02-13 16:44
    VLAI
    Title
    Field `file_table` of `struct module *module` is uninitialized
    Summary
    A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-457 - Use of Uninitialized Variable
    Assigner
    Date Public
    2022-12-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T11:25:19.297Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-25585"
              },
              {
                "name": "RHBZ#2167498",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167498"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=29892"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=65cf035b8dc1df5d8020e0b1449514a3c42933e7"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20231103-0003/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-25585",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-25T18:20:22.619522Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-25T18:20:31.908Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "binutils",
              "vendor": "n/a"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "affected",
              "packageName": "binutils",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "affected",
              "packageName": "binutils",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "binutils",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "gcc-toolset-11-binutils",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "gcc-toolset-12-binutils",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "binutils",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "gcc-toolset-12-binutils",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "radare2",
              "product": "Fedora 37",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "mingw-binutils",
              "product": "Fedora 37",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "insight",
              "product": "Fedora 36",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "binutils",
              "product": "Fedora 37",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "mingw-binutils",
              "product": "Fedora 36",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "radare2",
              "product": "Extra Packages for Enterprise Linux 8",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "insight",
              "product": "Fedora 37",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "radare2",
              "product": "Extra Packages for Enterprise Linux 7",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "rizin",
              "product": "Extra Packages for Enterprise Linux 8",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "rizin",
              "product": "Fedora 36",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "binutils",
              "product": "Fedora",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "binutils",
              "product": "Fedora 36",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "radare2",
              "product": "Fedora 36",
              "vendor": "Fedora"
            }
          ],
          "datePublic": "2022-12-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Low"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-457",
                  "description": "Use of Uninitialized Variable",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-04T05:07:10.765Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-25585"
            },
            {
              "name": "RHBZ#2167498",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167498"
            },
            {
              "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=29892"
            },
            {
              "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=65cf035b8dc1df5d8020e0b1449514a3c42933e7"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20231103-0003/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-01-12T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2022-12-12T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Field `file_table` of `struct module *module` is uninitialized",
          "x_redhatCweChain": "CWE-457: Use of Uninitialized Variable"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-25585",
        "datePublished": "2023-09-14T20:50:09.526Z",
        "dateReserved": "2023-02-07T19:03:20.221Z",
        "dateUpdated": "2025-02-13T16:44:32.455Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-25586 (GCVE-0-2023-25586)

    Vulnerability from cvelistv5 – Published: 2023-09-14 20:49 – Updated: 2025-02-13 16:44
    VLAI
    Title
    Local variable `ch_type` in function `bfd_init_section_decompress_status` can be uninitialized
    Summary
    A flaw was found in Binutils. A logic fail in the bfd_init_section_decompress_status function may lead to the use of an uninitialized variable that can cause a crash and local denial of service.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-457 - Use of Uninitialized Variable
    Assigner
    Date Public
    2022-12-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T11:25:19.230Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-25586"
              },
              {
                "name": "RHBZ#2167502",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167502"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=29855"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5830876a0cca17bef3b2d54908928e72cca53502"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20231103-0003/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-25586",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-25T18:21:11.697914Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-25T18:21:19.562Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "binutils",
              "vendor": "n/a"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "binutils",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "binutils",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "gdb",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "binutils",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "gcc-toolset-11-binutils",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "gcc-toolset-11-gdb",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "gcc-toolset-12-binutils",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "gcc-toolset-12-gdb",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "gdb",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "binutils",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "gcc-toolset-12-binutils",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "gcc-toolset-12-gdb",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "gdb",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "gdb",
              "product": "Fedora 36",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "mingw-binutils",
              "product": "Fedora 36",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "radare2",
              "product": "Fedora 36",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "radare2",
              "product": "Fedora 37",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "radare2",
              "product": "Extra Packages for Enterprise Linux 7",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "binutils",
              "product": "Fedora",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "insight",
              "product": "Fedora 37",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "binutils",
              "product": "Fedora 37",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "mingw-binutils",
              "product": "Fedora 37",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "insight",
              "product": "Fedora 36",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "binutils",
              "product": "Fedora 36",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "radare2",
              "product": "Extra Packages for Enterprise Linux 8",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "rizin",
              "product": "Extra Packages for Enterprise Linux 8",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "rizin",
              "product": "Fedora 36",
              "vendor": "Fedora"
            }
          ],
          "datePublic": "2022-12-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Binutils. A logic fail in the bfd_init_section_decompress_status function may lead to the use of an uninitialized variable that can cause a crash and local denial of service."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Low"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-457",
                  "description": "Use of Uninitialized Variable",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-04T05:07:13.976Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-25586"
            },
            {
              "name": "RHBZ#2167502",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167502"
            },
            {
              "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=29855"
            },
            {
              "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5830876a0cca17bef3b2d54908928e72cca53502"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20231103-0003/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-01-12T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2022-12-12T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Local variable `ch_type` in function `bfd_init_section_decompress_status` can be uninitialized",
          "x_redhatCweChain": "CWE-457: Use of Uninitialized Variable"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-25586",
        "datePublished": "2023-09-14T20:49:15.468Z",
        "dateReserved": "2023-02-07T19:03:20.221Z",
        "dateUpdated": "2025-02-13T16:44:33.064Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-25588 (GCVE-0-2023-25588)

    Vulnerability from cvelistv5 – Published: 2023-09-14 20:47 – Updated: 2025-02-13 16:44
    VLAI
    Title
    Field `the_bfd` of `asymbol` is uninitialized in function `bfd_mach_o_get_synthetic_symtab`
    Summary
    A flaw was found in Binutils. The field `the_bfd` of `asymbol`struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of service.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-457 - Use of Uninitialized Variable
    Assigner
    Date Public
    2022-12-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T11:25:19.353Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-25588"
              },
              {
                "name": "RHBZ#2167505",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167505"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=29677"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d12f8998d2d086f0a6606589e5aedb7147e6f2f1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20231103-0003/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-25588",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-25T18:22:06.630431Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-25T18:22:15.590Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "binutils",
              "vendor": "n/a"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "affected",
              "packageName": "binutils",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "affected",
              "packageName": "binutils",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "binutils",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "gcc-toolset-11-binutils",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "gcc-toolset-12-binutils",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "binutils",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "gcc-toolset-12-binutils",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "binutils",
              "product": "Fedora 37",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "radare2",
              "product": "Extra Packages for Enterprise Linux 8",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "binutils",
              "product": "Fedora 36",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "radare2",
              "product": "Extra Packages for Enterprise Linux 7",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "radare2",
              "product": "Fedora 36",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "binutils",
              "product": "Fedora",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "mingw-binutils",
              "product": "Fedora 37",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "radare2",
              "product": "Fedora 37",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "insight",
              "product": "Fedora 37",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "insight",
              "product": "Fedora 36",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "mingw-binutils",
              "product": "Fedora 36",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "rizin",
              "product": "Extra Packages for Enterprise Linux 8",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "rizin",
              "product": "Fedora 36",
              "vendor": "Fedora"
            }
          ],
          "datePublic": "2022-12-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Binutils. The field `the_bfd` of `asymbol`struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of service."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Low"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-457",
                  "description": "Use of Uninitialized Variable",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-04T05:07:12.363Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-25588"
            },
            {
              "name": "RHBZ#2167505",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167505"
            },
            {
              "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=29677"
            },
            {
              "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d12f8998d2d086f0a6606589e5aedb7147e6f2f1"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20231103-0003/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-01-12T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2022-12-12T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Field `the_bfd` of `asymbol` is uninitialized in function `bfd_mach_o_get_synthetic_symtab`",
          "x_redhatCweChain": "CWE-457: Use of Uninitialized Variable"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-25588",
        "datePublished": "2023-09-14T20:47:16.974Z",
        "dateReserved": "2023-02-07T19:03:20.221Z",
        "dateUpdated": "2025-02-13T16:44:33.622Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3603 (GCVE-0-2023-3603)

    Vulnerability from cvelistv5 – Published: 2023-07-21 19:09 – Updated: 2024-09-26 20:04
    VLAI
    Title
    Processing sftp server read may cause null dereference
    Summary
    A missing allocation check in sftp server processing read requests may cause a NULL dereference on low-memory conditions. The malicious client can request up to 4GB SFTP reads, causing allocation of up to 4GB buffers, which was not being checked for failure. This will likely crash the authenticated user's sftp server connection (if implemented as forking as recommended). For thread-based servers, this might also cause DoS for legitimate users. Given this code is not in any released versions, no security releases have been issued.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2023-3603 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2221791 issue-trackingx_refsource_REDHAT
    Date Public
    2023-07-10 00:00
    Credits
    Upstream acknowledges Wei Chong Tan as the original reporter.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:01:56.718Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-3603"
              },
              {
                "name": "RHBZ#2221791",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2221791"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3603",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-26T20:04:28.247195Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-26T20:04:43.251Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "libssh",
              "vendor": "n/a"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "libssh",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "libssh",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "libssh",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "libssh",
              "product": "Extra Packages for Enterprise Linux 7",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "libssh",
              "product": "Fedora",
              "vendor": "Fedora"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Upstream acknowledges Wei Chong Tan as the original reporter."
            }
          ],
          "datePublic": "2023-07-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A missing allocation check in sftp server processing read requests may cause a NULL dereference on low-memory conditions. The malicious client can request up to 4GB SFTP reads, causing allocation of up to 4GB buffers, which was not being checked for failure. This will likely crash the authenticated user\u0027s sftp server connection (if implemented as forking as recommended). For thread-based servers, this might also cause DoS for legitimate users.\r\n\r\nGiven this code is not in any released versions, no security releases have been issued."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Low"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 3.1,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-23T00:58:36.996Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-3603"
            },
            {
              "name": "RHBZ#2221791",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2221791"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-07-10T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2023-07-10T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Processing sftp server read may cause null dereference",
          "workarounds": [
            {
              "lang": "en",
              "value": "The SFTP server implementation is based on callbacks so you can rewrite the sftp_channel_default_data_callback() to provide additional checks.\n\n[1] https://gitlab.com/libssh/libssh-mirror/-/blob/master/examples/sample_sftpserver.c#L330"
            }
          ],
          "x_redhatCweChain": "CWE-476: NULL Pointer Dereference"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-3603",
        "datePublished": "2023-07-21T19:09:44.083Z",
        "dateReserved": "2023-07-10T18:21:21.431Z",
        "dateUpdated": "2024-09-26T20:04:43.251Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }