{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-25584", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2023-02-07T19:03:20.220Z", "datePublished": "2023-09-14T20:50:58.267Z", "dateUpdated": "2025-02-13T16:44:31.939Z"}, "containers": {"cna": {"title": "Out of bounds read in parse_module function in bfd/vms-alpha.c", "metrics": [{"other": {"content": {"value": "Low", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils."}], "affected": [{"product": "binutils", "vendor": "n/a", "defaultStatus": "affected"}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "binutils", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "binutils", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "binutils", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "gcc-toolset-11-binutils", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "gcc-toolset-11-gdb", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "gcc-toolset-12-binutils", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "gcc-toolset-12-gdb", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "binutils", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "gcc-toolset-12-binutils", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "gcc-toolset-12-gdb", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}, {"product": "Extra Packages for Enterprise Linux 8", "vendor": "Fedora", "collectionURL": "https://packages.fedoraproject.org/", "packageName": "radare2", "defaultStatus": "unaffected"}, {"product": "Fedora 37", "vendor": "Fedora", "collectionURL": "https://packages.fedoraproject.org/", "packageName": "binutils", "defaultStatus": "unaffected"}, {"product": "Fedora 36", "vendor": "Fedora", "collectionURL": "https://packages.fedoraproject.org/", "packageName": "radare2", "defaultStatus": "unaffected"}, {"product": "Fedora", "vendor": "Fedora", "collectionURL": "https://packages.fedoraproject.org/", "packageName": "binutils", "defaultStatus": "unaffected"}, {"product": "Extra Packages for Enterprise Linux 7", "vendor": "Fedora", "collectionURL": "https://packages.fedoraproject.org/", "packageName": "radare2", "defaultStatus": "unaffected"}, {"product": "Fedora 37", "vendor": "Fedora", "collectionURL": "https://packages.fedoraproject.org/", "packageName": "mingw-binutils", "defaultStatus": "unaffected"}, {"product": "Fedora 37", "vendor": "Fedora", "collectionURL": "https://packages.fedoraproject.org/", "packageName": "radare2", "defaultStatus": "unaffected"}, {"product": "Fedora 36", "vendor": "Fedora", "collectionURL": "https://packages.fedoraproject.org/", "packageName": "insight", "defaultStatus": "unaffected"}, {"product": "Extra Packages for Enterprise Linux 8", "vendor": "Fedora", "collectionURL": "https://packages.fedoraproject.org/", "packageName": "rizin", "defaultStatus": "unaffected"}, {"product": "Fedora 36", "vendor": "Fedora", "collectionURL": "https://packages.fedoraproject.org/", "packageName": "binutils", "defaultStatus": "unaffected"}, {"product": "Fedora 36", "vendor": "Fedora", "collectionURL": "https://packages.fedoraproject.org/", "packageName": "rizin", "defaultStatus": "unaffected"}, {"product": "Fedora 36", "vendor": "Fedora", "collectionURL": "https://packages.fedoraproject.org/", "packageName": "mingw-binutils", "defaultStatus": "unaffected"}, {"product": "Fedora 37", "vendor": "Fedora", "collectionURL": "https://packages.fedoraproject.org/", "packageName": "insight", "defaultStatus": "unaffected"}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2023-25584", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167467", "name": "RHBZ#2167467", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=77c225bdeb410cf60da804879ad41622f5f1aa44"}, {"url": "https://security.netapp.com/advisory/ntap-20231103-0002/"}], "datePublic": "2022-12-12T00:00:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "description": "Out-of-bounds Read", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-125: Out-of-bounds Read", "timeline": [{"lang": "en", "time": "2023-01-12T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2022-12-12T00:00:00+00:00", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2023-11-04T05:07:06.103Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T11:25:19.308Z"}, "title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2023-25584", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167467", "name": "RHBZ#2167467", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=77c225bdeb410cf60da804879ad41622f5f1aa44", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20231103-0002/", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-02-23T19:33:44.565202Z", "id": "CVE-2023-25584", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-03T14:47:06.335Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2023-25584", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167467", "name": "RHBZ#2167467", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=77c225bdeb410cf60da804879ad41622f5f1aa44", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20231103-0002/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T11:25:19.308Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-25584", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-23T19:33:44.565202Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-03T14:47:00.814Z"}}], "cna": {"title": "Out of bounds read in parse_module function in bfd/vms-alpha.c", "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Low", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "n/a", "product": "binutils", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:6"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "packageName": "binutils", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:7"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "packageName": "binutils", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "packageName": "binutils", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "packageName": "gcc-toolset-11-binutils", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "packageName": "gcc-toolset-11-gdb", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "packageName": "gcc-toolset-12-binutils", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "packageName": "gcc-toolset-12-gdb", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "packageName": "binutils", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "packageName": "gcc-toolset-12-binutils", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "packageName": "gcc-toolset-12-gdb", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"vendor": "Fedora", "product": "Extra Packages for Enterprise Linux 8", "packageName": "radare2", "collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "unaffected"}, {"vendor": "Fedora", "product": "Fedora 37", "packageName": "binutils", "collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "unaffected"}, {"vendor": "Fedora", "product": "Fedora 36", "packageName": "radare2", "collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "unaffected"}, {"vendor": "Fedora", "product": "Fedora", "packageName": "binutils", "collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "unaffected"}, {"vendor": "Fedora", "product": "Extra Packages for Enterprise Linux 7", "packageName": "radare2", "collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "unaffected"}, {"vendor": "Fedora", "product": "Fedora 37", "packageName": "mingw-binutils", "collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "unaffected"}, {"vendor": "Fedora", "product": "Fedora 37", "packageName": "radare2", "collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "unaffected"}, {"vendor": "Fedora", "product": "Fedora 36", "packageName": "insight", "collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "unaffected"}, {"vendor": "Fedora", "product": "Extra Packages for Enterprise Linux 8", "packageName": "rizin", "collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "unaffected"}, {"vendor": "Fedora", "product": "Fedora 36", "packageName": "binutils", "collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "unaffected"}, {"vendor": "Fedora", "product": "Fedora 36", "packageName": "rizin", "collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "unaffected"}, {"vendor": "Fedora", "product": "Fedora 36", "packageName": "mingw-binutils", "collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "unaffected"}, {"vendor": "Fedora", "product": "Fedora 37", "packageName": "insight", "collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2023-01-12T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2022-12-12T00:00:00+00:00", "value": "Made public."}], "datePublic": "2022-12-12T00:00:00+00:00", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2023-25584", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167467", "name": "RHBZ#2167467", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=77c225bdeb410cf60da804879ad41622f5f1aa44"}, {"url": "https://security.netapp.com/advisory/ntap-20231103-0002/"}], "descriptions": [{"lang": "en", "value": "An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "Out-of-bounds Read"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2023-09-14T20:50:58.267Z"}, "x_redhatCweChain": "CWE-125: Out-of-bounds Read"}}, "cveMetadata": {"cveId": "CVE-2023-25584", "state": "PUBLISHED", "dateUpdated": "2024-12-03T14:47:06.335Z", "dateReserved": "2023-02-07T19:03:20.220Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2023-09-14T20:50:58.267Z", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:binutils:*:*:*:*:*:*:*:*", "matchCriteriaId": "07F200C4-64B2-46FE-9987-42ED7E94C380", "versionEndExcluding": "2.40", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils."}, {"lang": "es", "value": "Se encontr\u00f3 una falla de lectura fuera de l\u00edmites en la funci\u00f3n parse_module en bfd/vms-alpha.c en Binutils."}], "id": "CVE-2023-25584", "lastModified": "2024-11-21T07:49:46.453", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.2, "source": "secalert@redhat.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-09-14T21:15:10.023", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2023-25584"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167467"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20231103-0002/"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Patch"], "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=77c225bdeb410cf60da804879ad41622f5f1aa44"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2023-25584"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167467"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20231103-0002/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch"], "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=77c225bdeb410cf60da804879ad41622f5f1aa44"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "binutils: Out of bounds read in parse_module function in bfd/vms-alpha.c", "id": "2167467", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167467"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H", "status": "draft"}, "cwe": "CWE-125", "details": ["An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils.", "An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils."], "name": "CVE-2023-25584", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "binutils", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "binutils", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "binutils", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "gcc-toolset-11-binutils", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "gcc-toolset-11-gdb", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "gcc-toolset-12-binutils", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "gcc-toolset-12-gdb", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "binutils", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "gcc-toolset-12-binutils", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "gcc-toolset-12-gdb", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2022-12-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-25584\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-25584\nhttps://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=77c225bdeb410cf60da804879ad41622f5f1aa44"], "statement": "The issue is classified as low severity primarily because binutils is not typically exposed to untrusted inputs in most environments, limiting its exploitation potential. The buffer overflow in vms-alpha.c only triggers during the parsing of malformed files, which would require an attacker to convince a user to process a malicious binary file. Moreover, binutils does not handle privileged operations, meaning exploitation is unlikely to lead to system compromise or escalation of privileges. Additionally, the impact is localized to the application itself, without affecting the broader system or network security.", "threat_severity": "Low"}