VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-4s81-8sg3-cbfu

Essentials
Severities (25)
References (11)
Severity details (4)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-4s81-8sg3-cbfu
Aliases	CVE-2022-48063
Summary	GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function load_separate_debug_files at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.
Status	Published
Exploitability	0.5
Weighted Severity	5.0
Risk	2.5
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-400

Uncontrolled Resource Consumption

System	Score	Found at
epss	0.0001	https://api.first.org/data/v1/epss?cve=CVE-2022-48063
epss	0.0001	https://api.first.org/data/v1/epss?cve=CVE-2022-48063
epss	0.0001	https://api.first.org/data/v1/epss?cve=CVE-2022-48063
epss	0.0001	https://api.first.org/data/v1/epss?cve=CVE-2022-48063
epss	0.0001	https://api.first.org/data/v1/epss?cve=CVE-2022-48063
epss	0.0001	https://api.first.org/data/v1/epss?cve=CVE-2022-48063
epss	0.0001	https://api.first.org/data/v1/epss?cve=CVE-2022-48063
epss	0.0001	https://api.first.org/data/v1/epss?cve=CVE-2022-48063
epss	0.0001	https://api.first.org/data/v1/epss?cve=CVE-2022-48063
epss	0.0001	https://api.first.org/data/v1/epss?cve=CVE-2022-48063
epss	0.0001	https://api.first.org/data/v1/epss?cve=CVE-2022-48063
epss	0.0001	https://api.first.org/data/v1/epss?cve=CVE-2022-48063
epss	0.0001	https://api.first.org/data/v1/epss?cve=CVE-2022-48063
epss	0.0001	https://api.first.org/data/v1/epss?cve=CVE-2022-48063
epss	0.0001	https://api.first.org/data/v1/epss?cve=CVE-2022-48063
epss	0.0001	https://api.first.org/data/v1/epss?cve=CVE-2022-48063
epss	0.0001	https://api.first.org/data/v1/epss?cve=CVE-2022-48063
epss	0.0001	https://api.first.org/data/v1/epss?cve=CVE-2022-48063
epss	0.0001	https://api.first.org/data/v1/epss?cve=CVE-2022-48063
epss	0.0001	https://api.first.org/data/v1/epss?cve=CVE-2022-48063
epss	0.00011	https://api.first.org/data/v1/epss?cve=CVE-2022-48063
cvssv3.1	5.5	https://nvd.nist.gov/vuln/detail/CVE-2022-48063
ssvc	Track	https://security.netapp.com/advisory/ntap-20231006-0008/
ssvc	Track	https://sourceware.org/bugzilla/show_bug.cgi?id=29924
ssvc	Track	https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=75393a2d54bcc40053e5262a3de9d70c5ebfbbfd

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-48063.json
		https://api.first.org/data/v1/epss?cve=CVE-2022-48063
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48063
2233949		https://bugzilla.redhat.com/show_bug.cgi?id=2233949
cpe:2.3:a:gnu:binutils::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils::::::::
CVE-2022-48063		https://nvd.nist.gov/vuln/detail/CVE-2022-48063
gitweb.cgi?p=binutils-gdb.git%3Bh=75393a2d54bcc40053e5262a3de9d70c5ebfbbfd		https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=75393a2d54bcc40053e5262a3de9d70c5ebfbbfd
ntap-20231006-0008		https://security.netapp.com/advisory/ntap-20231006-0008/
show_bug.cgi?id=29924		https://sourceware.org/bugzilla/show_bug.cgi?id=29924
USN-6413-1		https://usn.ubuntu.com/6413-1/
USN-6655-1		https://usn.ubuntu.com/6655-1/

No exploits are available.

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-48063

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T15:30:27Z/ Found at https://security.netapp.com/advisory/ntap-20231006-0008/

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T15:30:27Z/ Found at https://sourceware.org/bugzilla/show_bug.cgi?id=29924

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T15:30:27Z/ Found at https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=75393a2d54bcc40053e5262a3de9d70c5ebfbbfd

Exploit Prediction Scoring System (EPSS)

Percentile	0.00843
EPSS Score	0.0001
Published At	Aug. 10, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:36:45.819136+00:00	Ubuntu USN Importer	Import	https://usn.ubuntu.com/6655-1/	37.0.0