Search for vulnerabilities
Vulnerability details: VCID-3cxk-5pz4-xkfn
Vulnerability ID VCID-3cxk-5pz4-xkfn
Aliases CVE-2022-38533
Summary In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file.
Status Published
Exploitability 0.5
Weighted Severity 5.0
Risk 2.5
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-122 Heap-based Buffer Overflow
CWE-787 Out-of-bounds Write
System Score Found at
cvssv3 5.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-38533.json
epss 0.00017 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.00017 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.00017 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.00017 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.00017 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.00017 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.00017 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.00017 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.00017 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.00017 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.00017 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.00017 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.00017 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.00017 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.00017 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.00017 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.00017 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.00017 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.00019 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.00026 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.00026 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.00026 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.00026 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.00026 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.00026 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
cvssv3.1 5.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-38533
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-38533.json
https://api.first.org/data/v1/epss?cve=CVE-2022-38533
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38533
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/bminor/binutils-gdb/commit/45d92439aebd0386ef8af76e1796d08cfe457e1d
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AKZ2DTS3ATVN5PANNVLKLE5OP4OF25Q/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MTEHT3G6YKJ7F7MSGWYSI4UM3XBAYXZ/
https://security.netapp.com/advisory/ntap-20221104-0007/
https://sourceware.org/bugzilla/show_bug.cgi?id=29482
https://sourceware.org/bugzilla/show_bug.cgi?id=29482#c2
https://sourceware.org/bugzilla/show_bug.cgi?id=29495
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=45d92439aebd0386ef8af76e1796d08cfe457e1d
2124569 https://bugzilla.redhat.com/show_bug.cgi?id=2124569
cpe:2.3:a:gnu:binutils:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
CVE-2022-38533 https://nvd.nist.gov/vuln/detail/CVE-2022-38533
USN-5762-1 https://usn.ubuntu.com/5762-1/
USN-6544-1 https://usn.ubuntu.com/6544-1/
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-38533.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-38533
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.02369
EPSS Score 0.00017
Published At Aug. 8, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:43:02.336663+00:00 Ubuntu USN Importer Import https://usn.ubuntu.com/5762-1/ 37.0.0