CVE-2023-25586 — MEDIUM (4.7)

Vulnerability Description

A flaw was found in Binutils. A logic fail in the bfd_init_section_decompress_status function may lead to the use of an uninitialized variable that can cause a crash and local denial of service.

CVSS Score

4.7

MEDIUM

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Gnu	Binutils	2.40

Related Weaknesses (CWE)

CWE-908 CWE-457

References

https://access.redhat.com/security/cve/CVE-2023-25586Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2167502ExploitIssue TrackingPatch
https://security.netapp.com/advisory/ntap-20231103-0003/
https://sourceware.org/bugzilla/show_bug.cgi?id=29855ExploitIssue TrackingPatch
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5830876a0cca17bef3b2dMailing ListPatch
https://access.redhat.com/security/cve/CVE-2023-25586Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2167502ExploitIssue TrackingPatch
https://security.netapp.com/advisory/ntap-20231103-0003/
https://sourceware.org/bugzilla/show_bug.cgi?id=29855ExploitIssue TrackingPatch
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5830876a0cca17bef3b2dMailing ListPatch

FAQ

What is CVE-2023-25586?

CVE-2023-25586 is a vulnerability with a CVSS score of 4.7 (MEDIUM). A flaw was found in Binutils. A logic fail in the bfd_init_section_decompress_status function may lead to the use of an uninitialized variable that can cause a crash and local denial of service.

How severe is CVE-2023-25586?

CVE-2023-25586 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-25586?

Check the references section above for vendor advisories and patch information. Affected products include: Gnu Binutils.