CVE-2023-25586

Name
CVE-2023-25586
Description
A flaw was found in Binutils. A logic fail in the bfd_init_section_decompress_status function may lead to the use of an uninitialized variable that can cause a crash and local denial of service.
NVD Severity
medium

References

| Type | URI |
|------|-----|
| MISC | https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5830876a0cca17bef3b2d54908928e72cca53502 |
| MISC | https://sourceware.org/bugzilla/show_bug.cgi?id=29855 |
| MISC | https://bugzilla.redhat.com/show_bug.cgi?id=2167502 |
| MISC | https://access.redhat.com/security/cve/CVE-2023-25586 |
| MISC | https://security.netapp.com/advisory/ntap-20231103-0003/ |

Match rules

| CPE URI | Source package | Min version | Max version |
|---------|----------------|-------------|-------------|
| cpe:2.3:a:gnu:binutils:2.40:*:*:*:*:*:*:* | binutils | == None | == 2.40 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
|----------------|--------|---------|------------|--------|
| binutils | 3.18-main | 2.40-r7 | Ariadne Conill <ariadne@dereferenced.org> | possibly vulnerable |