First published: Wed Oct 19 2022
An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
GNU Binutils | >=2.35, <2.39-7 | |
Fedoraproject Fedora | =37 | |
Redhat Enterprise Linux | =6.0 | |
Redhat Enterprise Linux | =7.0 | |
Redhat Enterprise Linux | =8.0 | |
Redhat Enterprise Linux | =9.0 | |
redhat/gcc-toolset | <12-binutils-0:2.38-17.el8 | 12-binutils-0:2.38-17.el8 |
redhat/devtoolset | <12-binutils-0:2.36.1-6.el7 | 12-binutils-0:2.36.1-6.el7 |
redhat/binutils 2.39 | <7 | 7 |
debian/binutils | <=2.35.2-2 | 2.40-2, 2.43.50.20241215-1, 2.43.50.20241221-1 |
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70
CVE-2022-4285 is an illegal memory access flaw found in the binutils package.
The severity of CVE-2022-4285 is medium with a CVSS score of 5.5.
Software affected by CVE-2022-4285 includes Redhat Enterprise Linux 6.0, 7.0, 8.0, and 9.0, Fedora 37, GNU Binutils, gcc-toolset, devtoolset, and binutils version 2.39.
To fix CVE-2022-4285, update to the specified versions of the affected software provided in the respective vendor's advisory.
You can find more information about CVE-2022-4285 on the CVE website, NIST NVD, Bugzilla, and Red Hat's advisory page.