Search for vulnerabilities
Vulnerability details: VCID-7kf5-zqe2-aaag
Vulnerability ID VCID-7kf5-zqe2-aaag
Aliases CVE-2022-38533
Summary In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file.
Status Published
Exploitability 0.5
Weighted Severity 5.0
Risk 2.5
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-787 Out-of-bounds Write
CWE-122 Heap-based Buffer Overflow
System Score Found at
cvssv3 5.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-38533.json
epss 0.0001 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.0001 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.0001 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.0001 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.0001 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.0001 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.0001 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.0001 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.0001 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.0001 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.0001 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.0001 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.0001 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.0001 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.0001 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.0001 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.0001 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.0001 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.0001 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.0001 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.0001 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.0001 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.0001 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.0001 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.0001 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.0001 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.0001 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.0001 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.0001 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.0001 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.0001 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.0001 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.0001 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.0001 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.0001 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.0001 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.0001 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.0001 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.0001 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.0001 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.0001 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.0001 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.0001 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.0001 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.00011 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.00011 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.00017 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.00092 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.00092 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.00092 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.00092 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.00092 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.00092 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.00092 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.00092 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.00092 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.00092 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.00092 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.00092 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.00092 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.00092 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.00092 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
epss 0.00092 https://api.first.org/data/v1/epss?cve=CVE-2022-38533
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=2124569
cvssv3.1 5.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-38533
cvssv3.1 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-38533
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-38533.json
https://api.first.org/data/v1/epss?cve=CVE-2022-38533
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38533
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/bminor/binutils-gdb/commit/45d92439aebd0386ef8af76e1796d08cfe457e1d
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AKZ2DTS3ATVN5PANNVLKLE5OP4OF25Q/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MTEHT3G6YKJ7F7MSGWYSI4UM3XBAYXZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6AKZ2DTS3ATVN5PANNVLKLE5OP4OF25Q/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7MTEHT3G6YKJ7F7MSGWYSI4UM3XBAYXZ/
https://security.netapp.com/advisory/ntap-20221104-0007/
https://sourceware.org/bugzilla/show_bug.cgi?id=29482
https://sourceware.org/bugzilla/show_bug.cgi?id=29482#c2
https://sourceware.org/bugzilla/show_bug.cgi?id=29495
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=45d92439aebd0386ef8af76e1796d08cfe457e1d
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=45d92439aebd0386ef8af76e1796d08cfe457e1d
2124569 https://bugzilla.redhat.com/show_bug.cgi?id=2124569
cpe:2.3:a:gnu:binutils:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
CVE-2022-38533 https://nvd.nist.gov/vuln/detail/CVE-2022-38533
GLSA-202309-15 https://security.gentoo.org/glsa/202309-15
USN-5762-1 https://usn.ubuntu.com/5762-1/
USN-6544-1 https://usn.ubuntu.com/6544-1/
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-38533.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-38533
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-38533
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.00531
EPSS Score 0.0001
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.