CVE-2022-38533

In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 8%
Affected Products (NVD)
VendorProductVersion
gnubinutils
𝑥
≤ 2.39
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
binutils
bookworm
2.40-2
fixed
bullseye
unimportant
sid
2.43.1-5
fixed
trixie
2.43.1-5
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
binutils
bionic
Fixed 2.30-21ubuntu1~18.04.8
released
focal
Fixed 2.34-6ubuntu1.4
released
jammy
Fixed 2.38-4ubuntu2.1
released
kinetic
Fixed 2.39-3ubuntu1.1
released
lunar
Fixed 2.40-2ubuntu1
released
mantic
Fixed 2.40-2ubuntu1
released
trusty
Fixed 2.24-5ubuntu14.2+esm6
released
xenial
Fixed 2.26.1-1ubuntu1~16.04.8+esm5
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
binutils
suse enterprise desktop 15 SP3
2.39-150100.7.40.1
fixed
suse enterprise desktop 15 SP4
2.39-150100.7.40.1
fixed
suse enterprise desktop 15 SP5
2.39-150100.7.40.1
fixed
suse enterprise desktop 15 SP6
2.39-150100.7.40.1
fixed
suse enterprise desktop 15 SP7
2.39-150100.7.40.1
fixed
suse enterprise sap 12 SP5
2.39-9.50.1
fixed
suse enterprise sap 15 SP1
2.39-150100.7.40.1
fixed
suse enterprise sap 15 SP2
2.39-150100.7.40.1
fixed
suse enterprise sap 15 SP3
2.39-150100.7.40.1
fixed
suse enterprise sap 15 SP4
2.39-150100.7.40.1
fixed
suse enterprise sap 15 SP5
2.39-150100.7.40.1
fixed
suse enterprise sap 15 SP6
2.39-150100.7.40.1
fixed
suse enterprise sap 15 SP7
2.39-150100.7.40.1
fixed
suse enterprise server 12 SP2
2.39-9.50.1
fixed
suse enterprise server 12 SP3
2.39-9.50.1
fixed
suse enterprise server 12 SP4
2.39-9.50.1
fixed
suse enterprise server 12 SP5
2.39-9.50.1
fixed
suse enterprise server 15 SP1
2.39-150100.7.40.1
fixed
suse enterprise server 15 SP2
2.39-150100.7.40.1
fixed
suse enterprise server 15 SP3
2.39-150100.7.40.1
fixed
suse enterprise server 15 SP4
2.39-150100.7.40.1
fixed
suse enterprise server 15 SP5
2.39-150100.7.40.1
fixed
suse enterprise server 15 SP6
2.39-150100.7.40.1
fixed
suse enterprise server 15 SP7
2.39-150100.7.40.1
fixed
binutils-devel
suse enterprise desktop 15 SP3
2.39-150100.7.40.1
fixed
suse enterprise desktop 15 SP4
2.39-150100.7.40.1
fixed
suse enterprise desktop 15 SP5
2.39-150100.7.40.1
fixed
suse enterprise desktop 15 SP6
2.39-150100.7.40.1
fixed
suse enterprise desktop 15 SP7
2.39-150100.7.40.1
fixed
suse enterprise sap 12 SP5
2.39-9.50.1
fixed
suse enterprise sap 15 SP1
2.39-150100.7.40.1
fixed
suse enterprise sap 15 SP2
2.39-150100.7.40.1
fixed
suse enterprise sap 15 SP3
2.39-150100.7.40.1
fixed
suse enterprise sap 15 SP4
2.39-150100.7.40.1
fixed
suse enterprise sap 15 SP5
2.39-150100.7.40.1
fixed
suse enterprise sap 15 SP6
2.39-150100.7.40.1
fixed
suse enterprise sap 15 SP7
2.39-150100.7.40.1
fixed
suse enterprise server 12 SP2
2.39-9.50.1
fixed
suse enterprise server 12 SP3
2.39-9.50.1
fixed
suse enterprise server 12 SP4
2.39-9.50.1
fixed
suse enterprise server 12 SP5
2.39-9.50.1
fixed
suse enterprise server 15 SP1
2.39-150100.7.40.1
fixed
suse enterprise server 15 SP2
2.39-150100.7.40.1
fixed
suse enterprise server 15 SP3
2.39-150100.7.40.1
fixed
suse enterprise server 15 SP4
2.39-150100.7.40.1
fixed
suse enterprise server 15 SP5
2.39-150100.7.40.1
fixed
suse enterprise server 15 SP6
2.39-150100.7.40.1
fixed
suse enterprise server 15 SP7
2.39-150100.7.40.1
fixed
binutils-devel-32bit
suse enterprise sap 15 SP1
2.39-150100.7.40.1
fixed
suse enterprise sap 15 SP2
2.39-150100.7.40.1
fixed
suse enterprise server 15 SP1
2.39-150100.7.40.1
fixed
suse enterprise server 15 SP2
2.39-150100.7.40.1
fixed
suse enterprise server 15 SP4
2.39-150100.7.40.1
fixed
libctf-nobfd0
suse enterprise desktop 15 SP3
2.39-150100.7.40.1
fixed
suse enterprise desktop 15 SP4
2.39-150100.7.40.1
fixed
suse enterprise desktop 15 SP5
2.39-150100.7.40.1
fixed
suse enterprise desktop 15 SP6
2.39-150100.7.40.1
fixed
suse enterprise desktop 15 SP7
2.39-150100.7.40.1
fixed
suse enterprise sap 12 SP5
2.39-9.50.1
fixed
suse enterprise sap 15 SP1
2.39-150100.7.40.1
fixed
suse enterprise sap 15 SP2
2.39-150100.7.40.1
fixed
suse enterprise sap 15 SP3
2.39-150100.7.40.1
fixed
suse enterprise sap 15 SP4
2.39-150100.7.40.1
fixed
suse enterprise sap 15 SP5
2.39-150100.7.40.1
fixed
suse enterprise sap 15 SP6
2.39-150100.7.40.1
fixed
suse enterprise sap 15 SP7
2.39-150100.7.40.1
fixed
suse enterprise server 12 SP2
2.39-9.50.1
fixed
suse enterprise server 12 SP3
2.39-9.50.1
fixed
suse enterprise server 12 SP4
2.39-9.50.1
fixed
suse enterprise server 12 SP5
2.39-9.50.1
fixed
suse enterprise server 15 SP1
2.39-150100.7.40.1
fixed
suse enterprise server 15 SP2
2.39-150100.7.40.1
fixed
suse enterprise server 15 SP3
2.39-150100.7.40.1
fixed
suse enterprise server 15 SP4
2.39-150100.7.40.1
fixed
suse enterprise server 15 SP5
2.39-150100.7.40.1
fixed
suse enterprise server 15 SP6
2.39-150100.7.40.1
fixed
suse enterprise server 15 SP7
2.39-150100.7.40.1
fixed
libctf0
suse enterprise desktop 15 SP3
2.39-150100.7.40.1
fixed
suse enterprise desktop 15 SP4
2.39-150100.7.40.1
fixed
suse enterprise desktop 15 SP5
2.39-150100.7.40.1
fixed
suse enterprise desktop 15 SP6
2.39-150100.7.40.1
fixed
suse enterprise desktop 15 SP7
2.39-150100.7.40.1
fixed
suse enterprise sap 12 SP5
2.39-9.50.1
fixed
suse enterprise sap 15 SP1
2.39-150100.7.40.1
fixed
suse enterprise sap 15 SP2
2.39-150100.7.40.1
fixed
suse enterprise sap 15 SP3
2.39-150100.7.40.1
fixed
suse enterprise sap 15 SP4
2.39-150100.7.40.1
fixed
suse enterprise sap 15 SP5
2.39-150100.7.40.1
fixed
suse enterprise sap 15 SP6
2.39-150100.7.40.1
fixed
suse enterprise sap 15 SP7
2.39-150100.7.40.1
fixed
suse enterprise server 12 SP2
2.39-9.50.1
fixed
suse enterprise server 12 SP3
2.39-9.50.1
fixed
suse enterprise server 12 SP4
2.39-9.50.1
fixed
suse enterprise server 12 SP5
2.39-9.50.1
fixed
suse enterprise server 15 SP1
2.39-150100.7.40.1
fixed
suse enterprise server 15 SP2
2.39-150100.7.40.1
fixed
suse enterprise server 15 SP3
2.39-150100.7.40.1
fixed
suse enterprise server 15 SP4
2.39-150100.7.40.1
fixed
suse enterprise server 15 SP5
2.39-150100.7.40.1
fixed
suse enterprise server 15 SP6
2.39-150100.7.40.1
fixed
suse enterprise server 15 SP7
2.39-150100.7.40.1
fixed
Common Weakness Enumeration
References
https://github.com/bminor/binutils-gdb/commit/45d92439aebd0386ef8af76e1796d08cfe457e1d
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AKZ2DTS3ATVN5PANNVLKLE5OP4OF25Q/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MTEHT3G6YKJ7F7MSGWYSI4UM3XBAYXZ/
https://security.gentoo.org/glsa/202309-15
https://security.netapp.com/advisory/ntap-20221104-0007/
https://sourceware.org/bugzilla/show_bug.cgi?id=29482
https://sourceware.org/bugzilla/show_bug.cgi?id=29482#c2
https://sourceware.org/bugzilla/show_bug.cgi?id=29495
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=45d92439aebd0386ef8af76e1796d08cfe457e1d
https://github.com/bminor/binutils-gdb/commit/45d92439aebd0386ef8af76e1796d08cfe457e1d
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AKZ2DTS3ATVN5PANNVLKLE5OP4OF25Q/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MTEHT3G6YKJ7F7MSGWYSI4UM3XBAYXZ/
https://security.gentoo.org/glsa/202309-15
https://security.netapp.com/advisory/ntap-20221104-0007/
https://sourceware.org/bugzilla/show_bug.cgi?id=29482
https://sourceware.org/bugzilla/show_bug.cgi?id=29482#c2
https://sourceware.org/bugzilla/show_bug.cgi?id=29495
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=45d92439aebd0386ef8af76e1796d08cfe457e1d