CVE-2022-48064
First published: Tue Aug 22 2023(Updated: )
GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GNU Binutils | <2.40 | |
| Fedoraproject Fedora | =37 | |
| Fedoraproject Fedora | =38 | |
| NetApp ONTAP Select Deploy administration utility |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3XKYUAIORNQ32IZUOZFURECZKEXOHX7Z/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NSUNHSOWWLLNGHRM5TUBNCJHEYHPDX2M/
- https://security.netapp.com/advisory/ntap-20231006-0008/
- https://sourceware.org/bugzilla/show_bug.cgi?id=29922
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8f2c64de86bc3d7556121fe296dd679000283931
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=8f2c64de86bc3d7556121fe296dd679000283931
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XKYUAIORNQ32IZUOZFURECZKEXOHX7Z/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSUNHSOWWLLNGHRM5TUBNCJHEYHPDX2M/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KGSKF4GH7425S6XFDQMWTJGD5U47BAZN/
Frequently Asked Questions
What is CVE-2022-48064?
CVE-2022-48064 is a vulnerability in GNU Binutils before version 2.40 that allows an attacker to cause excessive memory consumption.
How does CVE-2022-48064 affect GNU Binutils?
CVE-2022-48064 affects GNU Binutils before version 2.40 by allowing an attacker to supply a crafted ELF file and cause a DNS attack.
What is the severity of CVE-2022-48064?
CVE-2022-48064 has a severity rating of medium with a severity value of 5.5.
How can I fix CVE-2022-48064?
To fix CVE-2022-48064, update GNU Binutils to version 2.40 or later.
Where can I find more information about CVE-2022-48064?
You can find more information about CVE-2022-48064 at the following references: [Reference 1](https://sourceware.org/bugzilla/show_bug.cgi?id=29922) and [Reference 2](https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8f2c64de86bc3d7556121fe296dd679000283931).
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/mitre-cve
- collector/nvd-api
- collector/nvd-index
- vendor/gnu
- canonical/gnu binutils
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/37
- version/fedoraproject fedora/38
- vendor/netapp
- canonical/netapp ontap select deploy administration utility