CVE-2022-48063

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Aug 22, 2023
Updated: Nov 7, 2023
CWE ID 400

Summary

CVE-2022-48063 is a memory consumption vulnerability affecting GNU Binutils before version 2.40. The issue is in the function load_separate_debug_files in dwarf2.c and is triggered when a crafted ELF file is processed. The vulnerability results in excessive memory consumption, potentially leading to denial-of-service attacks, and in specific cases, enabling a DNS attack. Users should update their Binutils installation to version 2.40 or later to mitigate this risk.
