CVE-2022-38533

Published: 26 August 2022

In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file.

Notes

Author: seth-arnold
Note: binutils isn't safe for untrusted inputs.

Priority

Medium

CVSS 3 base score: 5.5

Status

Package: binutils (Launchpad, Ubuntu, Debian)

Release: Status
bionic: Released (2.30-21ubuntu1~18.04.8)
focal: Released (2.34-6ubuntu1.4)
jammy: Released (2.38-4ubuntu2.1)
kinetic: Released (2.39-3ubuntu1.1)
trusty: Needed
upstream: Pending (2.40)
xenial: Released (2.26.1-1ubuntu1~16.04.8+esm5)

Patches:
upstream: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ef186fe54aa6d281a3ff8a9528417e5cc614c797