CVE-2023-25584 - Vulnerability Details - OpenCVE

An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00014.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Gnu	Binutils
Redhat	Enterprise Linux

Configuration 1 [-]

cpe:2.3:a:gnu:binutils:*:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-29526	An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils.
Ubuntu USN	USN-6101-1	GNU binutils vulnerabilities

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://access.redhat.com/security/cve/CVE-2023-25584
https://bugzilla.redhat.com/show_bug.cgi?id=2167467
https://nvd.nist.gov/vuln/detail/CVE-2023-25584
https://security.netapp.com/advisory/ntap-20231103-0002/
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=77c225bdeb410cf60da804879ad41622f5f1aa44
https://www.cve.org/CVERecord?id=CVE-2023-25584

History

Tue, 03 Dec 2024 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2023-09-14T20:50:58.267Z

Updated: 2025-02-13T16:44:31.939Z

Reserved: 2023-02-07T19:03:20.220Z

Link: CVE-2023-25584

Vulnrichment

Updated: 2024-08-02T11:25:19.308Z

NVD

Status : Modified

Published: 2023-09-14T21:15:10.023

Modified: 2024-11-21T07:49:46.453

Link: CVE-2023-25584

Redhat

Severity : Low

Publid Date: 2022-12-12T00:00:00Z

Links: CVE-2023-25584 - Bugzilla

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-25584", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2023-02-07T19:03:20.220Z", "datePublished": "2023-09-14T20:50:58.267Z", "dateUpdated": "2025-02-13T16:44:31.939Z"}, "containers": {"cna": {"title": "Out of bounds read in parse_module function in bfd/vms-alpha.c", "metrics": [{"other": {"content": {"value": "Low", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils."}], "affected": [{"product": "binutils", "vendor": "n/a", "defaultStatus": "affected"}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "binutils", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "binutils", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "binutils", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "gcc-toolset-11-binutils", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "gcc-toolset-11-gdb", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "gcc-toolset-12-binutils", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "gcc-toolset-12-gdb", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "binutils", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "gcc-toolset-12-binutils", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "gcc-toolset-12-gdb", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}, {"product": "Extra Packages for Enterprise Linux 8", "vendor": "Fedora", "collectionURL": "https://packages.fedoraproject.org/", "packageName": "radare2", "defaultStatus": "unaffected"}, {"product": "Fedora 37", "vendor": "Fedora", "collectionURL": "https://packages.fedoraproject.org/", "packageName": "binutils", "defaultStatus": "unaffected"}, {"product": "Fedora 36", "vendor": "Fedora", "collectionURL": "https://packages.fedoraproject.org/", "packageName": "radare2", "defaultStatus": "unaffected"}, {"product": "Fedora", "vendor": "Fedora", "collectionURL": "https://packages.fedoraproject.org/", "packageName": "binutils", "defaultStatus": "unaffected"}, {"product": "Extra Packages for Enterprise Linux 7", "vendor": "Fedora", "collectionURL": "https://packages.fedoraproject.org/", "packageName": "radare2", "defaultStatus": "unaffected"}, {"product": "Fedora 37", "vendor": "Fedora", "collectionURL": "https://packages.fedoraproject.org/", "packageName": "mingw-binutils", "defaultStatus": "unaffected"}, {"product": "Fedora 37", "vendor": "Fedora", "collectionURL": "https://packages.fedoraproject.org/", "packageName": "radare2", "defaultStatus": "unaffected"}, {"product": "Fedora 36", "vendor": "Fedora", "collectionURL": "https://packages.fedoraproject.org/", "packageName": "insight", "defaultStatus": "unaffected"}, {"product": "Extra Packages for Enterprise Linux 8", "vendor": "Fedora", "collectionURL": "https://packages.fedoraproject.org/", "packageName": "rizin", "defaultStatus": "unaffected"}, {"product": "Fedora 36", "vendor": "Fedora", "collectionURL": "https://packages.fedoraproject.org/", "packageName": "binutils", "defaultStatus": "unaffected"}, {"product": "Fedora 36", "vendor": "Fedora", "collectionURL": "https://packages.fedoraproject.org/", "packageName": "rizin", "defaultStatus": "unaffected"}, {"product": "Fedora 36", "vendor": "Fedora", "collectionURL": "https://packages.fedoraproject.org/", "packageName": "mingw-binutils", "defaultStatus": "unaffected"}, {"product": "Fedora 37", "vendor": "Fedora", "collectionURL": "https://packages.fedoraproject.org/", "packageName": "insight", "defaultStatus": "unaffected"}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2023-25584", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167467", "name": "RHBZ#2167467", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=77c225bdeb410cf60da804879ad41622f5f1aa44"}, {"url": "https://security.netapp.com/advisory/ntap-20231103-0002/"}], "datePublic": "2022-12-12T00:00:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "description": "Out-of-bounds Read", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-125: Out-of-bounds Read", "timeline": [{"lang": "en", "time": "2023-01-12T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2022-12-12T00:00:00+00:00", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2023-11-04T05:07:06.103Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T11:25:19.308Z"}, "title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2023-25584", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167467", "name": "RHBZ#2167467", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=77c225bdeb410cf60da804879ad41622f5f1aa44", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20231103-0002/", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-02-23T19:33:44.565202Z", "id": "CVE-2023-25584", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-03T14:47:06.335Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2023-25584", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167467", "name": "RHBZ#2167467", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=77c225bdeb410cf60da804879ad41622f5f1aa44", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20231103-0002/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T11:25:19.308Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-25584", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-23T19:33:44.565202Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-03T14:47:00.814Z"}}], "cna": {"title": "Out of bounds read in parse_module function in bfd/vms-alpha.c", "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Low", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "n/a", "product": "binutils", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:6"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "packageName": "binutils", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:7"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "packageName": "binutils", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "packageName": "binutils", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "packageName": "gcc-toolset-11-binutils", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "packageName": "gcc-toolset-11-gdb", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "packageName": "gcc-toolset-12-binutils", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "packageName": "gcc-toolset-12-gdb", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "packageName": "binutils", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "packageName": "gcc-toolset-12-binutils", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "packageName": "gcc-toolset-12-gdb", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"vendor": "Fedora", "product": "Extra Packages for Enterprise Linux 8", "packageName": "radare2", "collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "unaffected"}, {"vendor": "Fedora", "product": "Fedora 37", "packageName": "binutils", "collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "unaffected"}, {"vendor": "Fedora", "product": "Fedora 36", "packageName": "radare2", "collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "unaffected"}, {"vendor": "Fedora", "product": "Fedora", "packageName": "binutils", "collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "unaffected"}, {"vendor": "Fedora", "product": "Extra Packages for Enterprise Linux 7", "packageName": "radare2", "collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "unaffected"}, {"vendor": "Fedora", "product": "Fedora 37", "packageName": "mingw-binutils", "collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "unaffected"}, {"vendor": "Fedora", "product": "Fedora 37", "packageName": "radare2", "collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "unaffected"}, {"vendor": "Fedora", "product": "Fedora 36", "packageName": "insight", "collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "unaffected"}, {"vendor": "Fedora", "product": "Extra Packages for Enterprise Linux 8", "packageName": "rizin", "collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "unaffected"}, {"vendor": "Fedora", "product": "Fedora 36", "packageName": "binutils", "collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "unaffected"}, {"vendor": "Fedora", "product": "Fedora 36", "packageName": "rizin", "collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "unaffected"}, {"vendor": "Fedora", "product": "Fedora 36", "packageName": "mingw-binutils", "collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "unaffected"}, {"vendor": "Fedora", "product": "Fedora 37", "packageName": "insight", "collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2023-01-12T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2022-12-12T00:00:00+00:00", "value": "Made public."}], "datePublic": "2022-12-12T00:00:00+00:00", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2023-25584", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167467", "name": "RHBZ#2167467", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=77c225bdeb410cf60da804879ad41622f5f1aa44"}, {"url": "https://security.netapp.com/advisory/ntap-20231103-0002/"}], "descriptions": [{"lang": "en", "value": "An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "Out-of-bounds Read"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2023-09-14T20:50:58.267Z"}, "x_redhatCweChain": "CWE-125: Out-of-bounds Read"}}, "cveMetadata": {"cveId": "CVE-2023-25584", "state": "PUBLISHED", "dateUpdated": "2024-12-03T14:47:06.335Z", "dateReserved": "2023-02-07T19:03:20.220Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2023-09-14T20:50:58.267Z", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:binutils:*:*:*:*:*:*:*:*", "matchCriteriaId": "07F200C4-64B2-46FE-9987-42ED7E94C380", "versionEndExcluding": "2.40", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils."}, {"lang": "es", "value": "Se encontr\u00f3 una falla de lectura fuera de l\u00edmites en la funci\u00f3n parse_module en bfd/vms-alpha.c en Binutils."}], "id": "CVE-2023-25584", "lastModified": "2024-11-21T07:49:46.453", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.2, "source": "secalert@redhat.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-09-14T21:15:10.023", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2023-25584"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167467"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20231103-0002/"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Patch"], "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=77c225bdeb410cf60da804879ad41622f5f1aa44"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2023-25584"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167467"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20231103-0002/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch"], "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=77c225bdeb410cf60da804879ad41622f5f1aa44"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "binutils: Out of bounds read in parse_module function in bfd/vms-alpha.c", "id": "2167467", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167467"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H", "status": "draft"}, "cwe": "CWE-125", "details": ["An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils.", "An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils."], "name": "CVE-2023-25584", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "binutils", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "binutils", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "binutils", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "gcc-toolset-11-binutils", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "gcc-toolset-11-gdb", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "gcc-toolset-12-binutils", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "gcc-toolset-12-gdb", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "binutils", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "gcc-toolset-12-binutils", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "gcc-toolset-12-gdb", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2022-12-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-25584\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-25584\nhttps://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=77c225bdeb410cf60da804879ad41622f5f1aa44"], "statement": "The issue is classified as low severity primarily because binutils is not typically exposed to untrusted inputs in most environments, limiting its exploitation potential. The buffer overflow in vms-alpha.c only triggers during the parsing of malformed files, which would require an attacker to convince a user to process a malicious binary file. Moreover, binutils does not handle privileged operations, meaning exploitation is unlikely to lead to system compromise or escalation of privileges. Additionally, the impact is localized to the application itself, without affecting the broader system or network security.", "threat_severity": "Low"}