Updated: 2024-11-23 01:53:27.221097
Description:
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c.
Links | NIST | CIRCL | RHEL | Ubuntu |
CVSS version | Severity | Score |
---|---|---|
CVSS Version 2.x | MEDIUM | 4.3 |
CVSS Version 3.x | LOW | 3.3 |
OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
---|---|---|---|---|---|---|---|---|
CentOS 8.4 ELS | binutils | 2.30-93 | 3.3 | LOW | Released | CLSA-2022:1645466518 | 2022-04-26 15:46:41 | |
CentOS 8.5 ELS | binutils | 2.30-108 | 3.3 | LOW | Not Vulnerable | | 2022-04-26 15:46:41 | |