{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-25585", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2023-02-07T19:03:20.221Z", "datePublished": "2023-09-14T20:50:09.526Z", "dateUpdated": "2025-02-13T16:44:32.455Z"}, "containers": {"cna": {"title": "Field `file_table` of `struct module *module` is uninitialized", "metrics": [{"other": {"content": {"value": "Low", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service."}], "affected": [{"product": "binutils", "vendor": "n/a", "defaultStatus": "affected"}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "binutils", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "binutils", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "binutils", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "gcc-toolset-11-binutils", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "gcc-toolset-12-binutils", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "binutils", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "gcc-toolset-12-binutils", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}, {"product": "Fedora 37", "vendor": "Fedora", "collectionURL": "https://packages.fedoraproject.org/", "packageName": "radare2", "defaultStatus": "unaffected"}, {"product": "Fedora 37", "vendor": "Fedora", "collectionURL": "https://packages.fedoraproject.org/", "packageName": "mingw-binutils", "defaultStatus": "unaffected"}, {"product": "Fedora 36", "vendor": "Fedora", "collectionURL": "https://packages.fedoraproject.org/", "packageName": "insight", "defaultStatus": "unaffected"}, {"product": "Fedora 37", "vendor": "Fedora", "collectionURL": "https://packages.fedoraproject.org/", "packageName": "binutils", "defaultStatus": "unaffected"}, {"product": "Fedora 36", "vendor": "Fedora", "collectionURL": "https://packages.fedoraproject.org/", "packageName": "mingw-binutils", "defaultStatus": "unaffected"}, {"product": "Extra Packages for Enterprise Linux 8", "vendor": "Fedora", "collectionURL": "https://packages.fedoraproject.org/", "packageName": "radare2", "defaultStatus": "unaffected"}, {"product": "Fedora 37", "vendor": "Fedora", "collectionURL": "https://packages.fedoraproject.org/", "packageName": "insight", "defaultStatus": "unaffected"}, {"product": "Extra Packages for Enterprise Linux 7", "vendor": "Fedora", "collectionURL": "https://packages.fedoraproject.org/", "packageName": "radare2", "defaultStatus": "unaffected"}, {"product": "Extra Packages for Enterprise Linux 8", "vendor": "Fedora", "collectionURL": "https://packages.fedoraproject.org/", "packageName": "rizin", "defaultStatus": "unaffected"}, {"product": "Fedora 36", "vendor": "Fedora", "collectionURL": "https://packages.fedoraproject.org/", "packageName": "rizin", "defaultStatus": "unaffected"}, {"product": "Fedora", "vendor": "Fedora", "collectionURL": "https://packages.fedoraproject.org/", "packageName": "binutils", "defaultStatus": "unaffected"}, {"product": "Fedora 36", "vendor": "Fedora", "collectionURL": "https://packages.fedoraproject.org/", "packageName": "binutils", "defaultStatus": "unaffected"}, {"product": "Fedora 36", "vendor": "Fedora", "collectionURL": "https://packages.fedoraproject.org/", "packageName": "radare2", "defaultStatus": "unaffected"}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2023-25585", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167498", "name": "RHBZ#2167498", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=29892"}, {"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=65cf035b8dc1df5d8020e0b1449514a3c42933e7"}, {"url": "https://security.netapp.com/advisory/ntap-20231103-0003/"}], "datePublic": "2022-12-12T00:00:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-457", "description": "Use of Uninitialized Variable", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-457: Use of Uninitialized Variable", "timeline": [{"lang": "en", "time": "2023-01-12T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2022-12-12T00:00:00+00:00", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2023-11-04T05:07:10.765Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T11:25:19.297Z"}, "title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2023-25585", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167498", "name": "RHBZ#2167498", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=29892", "tags": ["x_transferred"]}, {"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=65cf035b8dc1df5d8020e0b1449514a3c42933e7", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20231103-0003/", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-25T18:20:22.619522Z", "id": "CVE-2023-25585", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-25T18:20:31.908Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2023-25585", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167498", "name": "RHBZ#2167498", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=29892", "tags": ["x_transferred"]}, {"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=65cf035b8dc1df5d8020e0b1449514a3c42933e7", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20231103-0003/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T11:25:19.297Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-25585", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-25T18:20:22.619522Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-25T18:20:27.817Z"}}], "cna": {"title": "Field `file_table` of `struct module *module` is uninitialized", "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Low", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "n/a", "product": "binutils", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:6"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "packageName": "binutils", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:7"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "packageName": "binutils", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "packageName": "binutils", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "packageName": "gcc-toolset-11-binutils", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "packageName": "gcc-toolset-12-binutils", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "packageName": "binutils", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "packageName": "gcc-toolset-12-binutils", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"vendor": "Fedora", "product": "Fedora 37", "packageName": "radare2", "collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "unaffected"}, {"vendor": "Fedora", "product": "Fedora 37", "packageName": "mingw-binutils", "collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "unaffected"}, {"vendor": "Fedora", "product": "Fedora 36", "packageName": "insight", "collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "unaffected"}, {"vendor": "Fedora", "product": "Fedora 37", "packageName": "binutils", "collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "unaffected"}, {"vendor": "Fedora", "product": "Fedora 36", "packageName": "mingw-binutils", "collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "unaffected"}, {"vendor": "Fedora", "product": "Extra Packages for Enterprise Linux 8", "packageName": "radare2", "collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "unaffected"}, {"vendor": "Fedora", "product": "Fedora 37", "packageName": "insight", "collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "unaffected"}, {"vendor": "Fedora", "product": "Extra Packages for Enterprise Linux 7", "packageName": "radare2", "collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "unaffected"}, {"vendor": "Fedora", "product": "Extra Packages for Enterprise Linux 8", "packageName": "rizin", "collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "unaffected"}, {"vendor": "Fedora", "product": "Fedora 36", "packageName": "rizin", "collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "unaffected"}, {"vendor": "Fedora", "product": "Fedora", "packageName": "binutils", "collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "unaffected"}, {"vendor": "Fedora", "product": "Fedora 36", "packageName": "binutils", "collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "unaffected"}, {"vendor": "Fedora", "product": "Fedora 36", "packageName": "radare2", "collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2023-01-12T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2022-12-12T00:00:00+00:00", "value": "Made public."}], "datePublic": "2022-12-12T00:00:00+00:00", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2023-25585", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167498", "name": "RHBZ#2167498", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=29892"}, {"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=65cf035b8dc1df5d8020e0b1449514a3c42933e7"}, {"url": "https://security.netapp.com/advisory/ntap-20231103-0003/"}], "descriptions": [{"lang": "en", "value": "A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-457", "description": "Use of Uninitialized Variable"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2023-09-14T20:50:09.526Z"}, "x_redhatCweChain": "CWE-457: Use of Uninitialized Variable"}}, "cveMetadata": {"cveId": "CVE-2023-25585", "state": "PUBLISHED", "dateUpdated": "2024-09-25T18:20:31.908Z", "dateReserved": "2023-02-07T19:03:20.221Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2023-09-14T20:50:09.526Z", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:binutils:2.40:*:*:*:*:*:*:*", "matchCriteriaId": "042A4D5D-1779-4FF8-B831-5BEB24433794", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en Binutils. El uso de un campo no inicializado en el m\u00f3dulo de estructura *module puede provocar el bloqueo de la aplicaci\u00f3n y la denegaci\u00f3n de servicio local."}], "id": "CVE-2023-25585", "lastModified": "2024-11-21T07:49:46.607", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 3.6, "source": "secalert@redhat.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-09-14T21:15:10.147", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2023-25585"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Issue Tracking", "Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167498"}, {"source": "secalert@redhat.com", "url": "https://security.netapp.com/advisory/ntap-20231103-0003/"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Issue Tracking", "Patch"], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=29892"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Patch"], "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=65cf035b8dc1df5d8020e0b1449514a3c42933e7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2023-25585"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167498"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20231103-0003/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Patch"], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=29892"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch"], "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=65cf035b8dc1df5d8020e0b1449514a3c42933e7"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-457"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-908"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "binutils: Field `file_table` of `struct module *module` is uninitialized", "id": "2167498", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167498"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.7", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-457", "details": ["A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service.", "A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service."], "name": "CVE-2023-25585", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "binutils", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "binutils", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "binutils", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "gcc-toolset-11-binutils", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "gcc-toolset-12-binutils", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "binutils", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "gcc-toolset-12-binutils", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2022-12-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-25585\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-25585\nhttps://sourceware.org/bugzilla/show_bug.cgi?id=29892\nhttps://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=65cf035b8dc1df5d8020e0b1449514a3c42933e7"], "statement": "This issue is classified with a low severity primarily because binutils is not typically exposed to untrusted inputs in most environments, limiting the possibility of exploitation. Additionally, this out-of-bounds read is only triggered during the parsing of a specially crafted file, requiring an attacker to convince a user to process this file with addr2line. Furthermore, binutils does not handle privileged operations, meaning that exploitation is unlikely to lead to system compromise or escalation of privileges. Also, the impact is limited to the application itself, without affecting the broader system or network security.", "threat_severity": "Low"}