{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-4285", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2024-08-03T01:34:50.077Z", "dateReserved": "2022-12-05T00:00:00", "datePublished": "2023-01-27T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2023-09-30T09:06:16.976157"}, "descriptions": [{"lang": "en", "value": "An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599."}], "affected": [{"vendor": "n/a", "product": "binutils", "versions": [{"version": "binutils 2.39-7", "status": "affected"}]}], "references": [{"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=29699"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150768"}, {"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=5c831a3c7f3ca98d6aba1200353311e1a1f84c70"}, {"name": "GLSA-202309-15", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202309-15"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-476", "cweId": "CWE-476"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:34:50.077Z"}, "title": "CVE Program Container", "references": [{"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=29699", "tags": ["x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150768", "tags": ["x_transferred"]}, {"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=5c831a3c7f3ca98d6aba1200353311e1a1f84c70", "tags": ["x_transferred"]}, {"name": "GLSA-202309-15", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202309-15"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:binutils:*:*:*:*:*:*:*:*", "matchCriteriaId": "A7CFD0F7-6794-4E57-9B17-B7F0CDC5103C", "versionEndExcluding": "2.39-7", "versionStartIncluding": "2.35", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599."}, {"lang": "es", "value": "Se encontr\u00f3 una falla de acceso ilegal a la memoria en el paquete binutils. El parseo de un archivo ELF que contiene informaci\u00f3n de versi\u00f3n de s\u00edmbolo corrupta puede resultar en una denegaci\u00f3n de servicio. Este problema es el resultado de una soluci\u00f3n incompleta para CVE-2020-16599."}], "id": "CVE-2022-4285", "lastModified": "2023-11-07T03:57:25.527", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-01-27T18:15:15.977", "references": [{"source": "secalert@redhat.com", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150768"}, {"source": "secalert@redhat.com", "url": "https://security.gentoo.org/glsa/202309-15"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=29699"}, {"source": "secalert@redhat.com", "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=5c831a3c7f3ca98d6aba1200353311e1a1f84c70"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "secalert@redhat.com", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2023:2873", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "gcc-toolset-12-binutils-0:2.38-17.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-05-16T00:00:00Z"}, {"advisory": "RHSA-2023:6236", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "binutils-0:2.30-119.el8_8.2", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-11-01T00:00:00Z"}, {"advisory": "RHSA-2023:6236", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "binutils-0:2.30-119.el8_8.2", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-11-01T00:00:00Z"}, {"advisory": "RHSA-2023:7394", "cpe": "cpe:/a:redhat:rhel_eus:8.6", "package": "binutils-0:2.30-113.el8_6.2", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2023-11-21T00:00:00Z"}, {"advisory": "RHSA-2023:6593", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "binutils-0:2.35.2-42.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-11-07T00:00:00Z"}, {"advisory": "RHSA-2023:6593", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "binutils-0:2.35.2-42.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-11-07T00:00:00Z"}, {"advisory": "RHSA-2023:3269", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "devtoolset-12-binutils-0:2.36.1-6.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2023-05-23T00:00:00Z"}], "bugzilla": {"description": "binutils: NULL pointer dereference in _bfd_elf_get_symbol_version_string leads to segfault", "id": "2150768", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150768"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-476", "details": ["An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.", "An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599."], "name": "CVE-2022-4285", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "binutils", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "binutils", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "gdb", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "gcc-toolset-11-binutils", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "gcc-toolset-11-gdb", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "gcc-toolset-12-gdb", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "gcc-toolset-13-gdb", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "gcc-toolset-12-gdb", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "gcc-toolset-13-gdb", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2022-10-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-4285\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-4285\nhttps://sourceware.org/bugzilla/show_bug.cgi?id=29699\nhttps://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70"], "threat_severity": "Moderate", "upstream_fix": "binutils 2.39-7"}