{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-25588", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2023-02-07T19:03:20.221Z", "datePublished": "2023-09-14T20:47:16.974Z", "dateUpdated": "2025-02-13T16:44:33.622Z"}, "containers": {"cna": {"title": "Field `the_bfd` of `asymbol` is uninitialized in function `bfd_mach_o_get_synthetic_symtab`", "metrics": [{"other": {"content": {"value": "Low", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in Binutils. The field `the_bfd` of `asymbol`struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of service."}], "affected": [{"product": "binutils", "vendor": "n/a", "defaultStatus": "affected"}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "binutils", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "binutils", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "binutils", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "gcc-toolset-11-binutils", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "gcc-toolset-12-binutils", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "binutils", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "gcc-toolset-12-binutils", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}, {"product": "Fedora 37", "vendor": "Fedora", "collectionURL": "https://packages.fedoraproject.org/", "packageName": "binutils", "defaultStatus": "unaffected"}, {"product": "Extra Packages for Enterprise Linux 8", "vendor": "Fedora", "collectionURL": "https://packages.fedoraproject.org/", "packageName": "radare2", "defaultStatus": "unaffected"}, {"product": "Fedora 36", "vendor": "Fedora", "collectionURL": "https://packages.fedoraproject.org/", "packageName": "binutils", "defaultStatus": "unaffected"}, {"product": "Extra Packages for Enterprise Linux 7", "vendor": "Fedora", "collectionURL": "https://packages.fedoraproject.org/", "packageName": "radare2", "defaultStatus": "unaffected"}, {"product": "Fedora 36", "vendor": "Fedora", "collectionURL": "https://packages.fedoraproject.org/", "packageName": "radare2", "defaultStatus": "unaffected"}, {"product": "Fedora", "vendor": "Fedora", "collectionURL": "https://packages.fedoraproject.org/", "packageName": "binutils", "defaultStatus": "unaffected"}, {"product": "Fedora 37", "vendor": "Fedora", "collectionURL": "https://packages.fedoraproject.org/", "packageName": "mingw-binutils", "defaultStatus": "unaffected"}, {"product": "Fedora 37", "vendor": "Fedora", "collectionURL": "https://packages.fedoraproject.org/", "packageName": "radare2", "defaultStatus": "unaffected"}, {"product": "Fedora 37", "vendor": "Fedora", "collectionURL": "https://packages.fedoraproject.org/", "packageName": "insight", "defaultStatus": "unaffected"}, {"product": "Fedora 36", "vendor": "Fedora", "collectionURL": "https://packages.fedoraproject.org/", "packageName": "insight", "defaultStatus": "unaffected"}, {"product": "Fedora 36", "vendor": "Fedora", "collectionURL": "https://packages.fedoraproject.org/", "packageName": "mingw-binutils", "defaultStatus": "unaffected"}, {"product": "Extra Packages for Enterprise Linux 8", "vendor": "Fedora", "collectionURL": "https://packages.fedoraproject.org/", "packageName": "rizin", "defaultStatus": "unaffected"}, {"product": "Fedora 36", "vendor": "Fedora", "collectionURL": "https://packages.fedoraproject.org/", "packageName": "rizin", "defaultStatus": "unaffected"}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2023-25588", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167505", "name": "RHBZ#2167505", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=29677"}, {"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d12f8998d2d086f0a6606589e5aedb7147e6f2f1"}, {"url": "https://security.netapp.com/advisory/ntap-20231103-0003/"}], "datePublic": "2022-12-12T00:00:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-457", "description": "Use of Uninitialized Variable", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-457: Use of Uninitialized Variable", "timeline": [{"lang": "en", "time": "2023-01-12T00:00:00.000Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2022-12-12T00:00:00.000Z", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2023-11-04T05:07:12.363Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T11:25:19.353Z"}, "title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2023-25588", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167505", "name": "RHBZ#2167505", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=29677", "tags": ["x_transferred"]}, {"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d12f8998d2d086f0a6606589e5aedb7147e6f2f1", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20231103-0003/", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-25T18:22:06.630431Z", "id": "CVE-2023-25588", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-25T18:22:15.590Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2023-25588", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167505", "name": "RHBZ#2167505", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=29677", "tags": ["x_transferred"]}, {"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d12f8998d2d086f0a6606589e5aedb7147e6f2f1", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20231103-0003/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T11:25:19.353Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-25588", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-25T18:22:06.630431Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-25T18:22:11.498Z"}}], "cna": {"title": "Field `the_bfd` of `asymbol` is uninitialized in function `bfd_mach_o_get_synthetic_symtab`", "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Low", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "n/a", "product": "binutils", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:6"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "packageName": "binutils", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:7"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "packageName": "binutils", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "packageName": "binutils", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "packageName": "gcc-toolset-11-binutils", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "packageName": "gcc-toolset-12-binutils", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "packageName": "binutils", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "packageName": "gcc-toolset-12-binutils", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"vendor": "Fedora", "product": "Fedora 37", "packageName": "binutils", "collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "unaffected"}, {"vendor": "Fedora", "product": "Extra Packages for Enterprise Linux 8", "packageName": "radare2", "collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "unaffected"}, {"vendor": "Fedora", "product": "Fedora 36", "packageName": "binutils", "collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "unaffected"}, {"vendor": "Fedora", "product": "Extra Packages for Enterprise Linux 7", "packageName": "radare2", "collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "unaffected"}, {"vendor": "Fedora", "product": "Fedora 36", "packageName": "radare2", "collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "unaffected"}, {"vendor": "Fedora", "product": "Fedora", "packageName": "binutils", "collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "unaffected"}, {"vendor": "Fedora", "product": "Fedora 37", "packageName": "mingw-binutils", "collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "unaffected"}, {"vendor": "Fedora", "product": "Fedora 37", "packageName": "radare2", "collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "unaffected"}, {"vendor": "Fedora", "product": "Fedora 37", "packageName": "insight", "collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "unaffected"}, {"vendor": "Fedora", "product": "Fedora 36", "packageName": "insight", "collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "unaffected"}, {"vendor": "Fedora", "product": "Fedora 36", "packageName": "mingw-binutils", "collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "unaffected"}, {"vendor": "Fedora", "product": "Extra Packages for Enterprise Linux 8", "packageName": "rizin", "collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "unaffected"}, {"vendor": "Fedora", "product": "Fedora 36", "packageName": "rizin", "collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2023-01-12T00:00:00.000Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2022-12-12T00:00:00.000Z", "value": "Made public."}], "datePublic": "2022-12-12T00:00:00.000Z", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2023-25588", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167505", "name": "RHBZ#2167505", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=29677"}, {"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d12f8998d2d086f0a6606589e5aedb7147e6f2f1"}, {"url": "https://security.netapp.com/advisory/ntap-20231103-0003/"}], "descriptions": [{"lang": "en", "value": "A flaw was found in Binutils. The field `the_bfd` of `asymbol`struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of service."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-457", "description": "Use of Uninitialized Variable"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2023-11-04T05:07:12.363Z"}, "x_redhatCweChain": "CWE-457: Use of Uninitialized Variable"}}, "cveMetadata": {"cveId": "CVE-2023-25588", "state": "PUBLISHED", "dateUpdated": "2025-02-13T16:44:33.622Z", "dateReserved": "2023-02-07T19:03:20.221Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2023-09-14T20:47:16.974Z", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:binutils:2.40:*:*:*:*:*:*:*", "matchCriteriaId": "042A4D5D-1779-4FF8-B831-5BEB24433794", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in Binutils. The field `the_bfd` of `asymbol`struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of service."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en Binutils. El campo `the_bfd` de `asymbol`struct no est\u00e1 inicializado en la funci\u00f3n `bfd_mach_o_get_synthetic_symtab`, lo que puede provocar un bloqueo de la aplicaci\u00f3n y una denegaci\u00f3n de servicio local."}], "id": "CVE-2023-25588", "lastModified": "2024-11-21T07:49:46.910", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 3.6, "source": "secalert@redhat.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-09-14T21:15:10.320", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2023-25588"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Issue Tracking", "Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167505"}, {"source": "secalert@redhat.com", "url": "https://security.netapp.com/advisory/ntap-20231103-0003/"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Issue Tracking", "Patch"], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=29677"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Patch"], "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d12f8998d2d086f0a6606589e5aedb7147e6f2f1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2023-25588"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167505"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20231103-0003/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Patch"], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=29677"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch"], "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d12f8998d2d086f0a6606589e5aedb7147e6f2f1"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-457"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-908"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "binutils: Field `the_bfd` of `asymbol` is uninitialized in function `bfd_mach_o_get_synthetic_symtab`", "id": "2167505", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167505"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.7", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-457", "details": ["A flaw was found in Binutils. The field `the_bfd` of `asymbol`struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of service.", "A flaw was found in Binutils. The field `the_bfd` of `asymbol`struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of service."], "name": "CVE-2023-25588", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "binutils", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "binutils", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "binutils", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "gcc-toolset-11-binutils", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "gcc-toolset-12-binutils", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "binutils", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "gcc-toolset-12-binutils", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2022-12-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-25588\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-25588\nhttps://sourceware.org/bugzilla/show_bug.cgi?id=29677\nhttps://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d12f8998d2d086f0a6606589e5aedb7147e6f2f1"], "statement": "This issue is classified with a low severity primarily because binutils is not typically exposed to untrusted inputs in most environments, limiting the possibility of exploitation. Additionally, this out-of-bounds read is only triggered during the parsing of a specially crafted file, requiring an attacker to convince a user to process this file with objdump. Furthermore, binutils does not handle privileged operations, meaning that exploitation is unlikely to lead to system compromise or escalation of privileges. Also, the impact is limited to the application itself, without affecting the broader system or network security.", "threat_severity": "Low"}

{}