{ "document": { "aggregate_severity": { "text": "Medium" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/rhel7els/vex/2022/cve-2022-48064-els_os-rhel7els.json" } ], "tracking": { "current_release_date": "2026-04-20T09:18:27Z", "generator": { "date": "2026-04-20T09:18:27Z", "engine": { "name": "pyCSAF" } }, "id": "CVE-2022-48064-ELS_OS-RHEL7ELS", "initial_release_date": "2022-01-01T00:00:00Z", "revision_history": [ { "date": "2022-01-01T00:00:00Z", "number": "1", "summary": "Initial version" }, { "date": "2026-04-10T19:41:52Z", "number": "2", "summary": "Official Publication" }, { "date": "2026-04-16T09:26:41Z", "number": "3", "summary": "Update document" }, { "date": "2026-04-20T09:18:27Z", "number": "4", "summary": "Update document" } ], "status": "final", "version": "4" }, "title": "Security update on CVE-2022-48064" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux 7", "product": { "name": "Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7", "product_identification_helper": { "cpe": "cpe:2.3:o:redhat:enterprise_linux:7:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "binutils-0:2.27-44.base.el7_9.1.x86_64", "product": { "name": "binutils-0:2.27-44.base.el7_9.1.x86_64", "product_id": "binutils-0:2.27-44.base.el7_9.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/binutils@2.27-44.base.el7_9.1?arch=x86_64" } } }, { "category": "product_version", "name": "binutils-devel-0:2.27-44.base.el7_9.1.x86_64", "product": { "name": "binutils-devel-0:2.27-44.base.el7_9.1.x86_64", "product_id": "binutils-devel-0:2.27-44.base.el7_9.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/binutils-devel@2.27-44.base.el7_9.1?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "binutils-devel-0:2.27-44.base.el7_9.1.i686", "product": { "name": "binutils-devel-0:2.27-44.base.el7_9.1.i686", "product_id": "binutils-devel-0:2.27-44.base.el7_9.1.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/binutils-devel@2.27-44.base.el7_9.1?arch=i686" } } } ], "category": "architecture", "name": "i686" } ], "category": "vendor", "name": "Red Hat, Inc." }, { "branches": [ { "branches": [ { "category": "product_version", "name": "binutils-devel-0:2.27-44.base.el7_9.1.tuxcare.els2.x86_64", "product": { "name": "binutils-devel-0:2.27-44.base.el7_9.1.tuxcare.els2.x86_64", "product_id": "binutils-devel-0:2.27-44.base.el7_9.1.tuxcare.els2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/binutils-devel@2.27-44.base.el7_9.1.tuxcare.els2?arch=x86_64" } } }, { "category": "product_version", "name": "binutils-0:2.27-44.base.el7_9.1.tuxcare.els2.x86_64", "product": { "name": "binutils-0:2.27-44.base.el7_9.1.tuxcare.els2.x86_64", "product_id": "binutils-0:2.27-44.base.el7_9.1.tuxcare.els2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/binutils@2.27-44.base.el7_9.1.tuxcare.els2?arch=x86_64" } } }, { "category": "product_version", "name": "binutils-0:2.27-44.base.el7_9.1.tuxcare.els4.x86_64", "product": { "name": "binutils-0:2.27-44.base.el7_9.1.tuxcare.els4.x86_64", "product_id": "binutils-0:2.27-44.base.el7_9.1.tuxcare.els4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/binutils@2.27-44.base.el7_9.1.tuxcare.els4?arch=x86_64" } } }, { "category": "product_version", "name": "binutils-devel-0:2.27-44.base.el7_9.1.tuxcare.els4.x86_64", "product": { "name": "binutils-devel-0:2.27-44.base.el7_9.1.tuxcare.els4.x86_64", "product_id": "binutils-devel-0:2.27-44.base.el7_9.1.tuxcare.els4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/binutils-devel@2.27-44.base.el7_9.1.tuxcare.els4?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "binutils-devel-0:2.27-44.base.el7_9.1.tuxcare.els2.i686", "product": { "name": "binutils-devel-0:2.27-44.base.el7_9.1.tuxcare.els2.i686", "product_id": "binutils-devel-0:2.27-44.base.el7_9.1.tuxcare.els2.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/binutils-devel@2.27-44.base.el7_9.1.tuxcare.els2?arch=i686" } } }, { "category": "product_version", "name": "binutils-devel-0:2.27-44.base.el7_9.1.tuxcare.els4.i686", "product": { "name": "binutils-devel-0:2.27-44.base.el7_9.1.tuxcare.els4.i686", "product_id": "binutils-devel-0:2.27-44.base.el7_9.1.tuxcare.els4.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/binutils-devel@2.27-44.base.el7_9.1.tuxcare.els4?arch=i686" } } } ], "category": "architecture", "name": "i686" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "binutils-devel-0:2.27-44.base.el7_9.1.tuxcare.els2.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:binutils-devel-0:2.27-44.base.el7_9.1.tuxcare.els2.x86_64" }, "product_reference": "binutils-devel-0:2.27-44.base.el7_9.1.tuxcare.els2.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "binutils-devel-0:2.27-44.base.el7_9.1.tuxcare.els2.i686 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:binutils-devel-0:2.27-44.base.el7_9.1.tuxcare.els2.i686" }, "product_reference": "binutils-devel-0:2.27-44.base.el7_9.1.tuxcare.els2.i686", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "binutils-0:2.27-44.base.el7_9.1.tuxcare.els2.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:binutils-0:2.27-44.base.el7_9.1.tuxcare.els2.x86_64" }, "product_reference": "binutils-0:2.27-44.base.el7_9.1.tuxcare.els2.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "binutils-0:2.27-44.base.el7_9.1.tuxcare.els4.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:binutils-0:2.27-44.base.el7_9.1.tuxcare.els4.x86_64" }, "product_reference": "binutils-0:2.27-44.base.el7_9.1.tuxcare.els4.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "binutils-devel-0:2.27-44.base.el7_9.1.tuxcare.els4.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:binutils-devel-0:2.27-44.base.el7_9.1.tuxcare.els4.x86_64" }, "product_reference": "binutils-devel-0:2.27-44.base.el7_9.1.tuxcare.els4.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "binutils-devel-0:2.27-44.base.el7_9.1.tuxcare.els4.i686 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:binutils-devel-0:2.27-44.base.el7_9.1.tuxcare.els4.i686" }, "product_reference": "binutils-devel-0:2.27-44.base.el7_9.1.tuxcare.els4.i686", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "binutils-0:2.27-44.base.el7_9.1.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:binutils-0:2.27-44.base.el7_9.1.x86_64" }, "product_reference": "binutils-0:2.27-44.base.el7_9.1.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "binutils-devel-0:2.27-44.base.el7_9.1.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:binutils-devel-0:2.27-44.base.el7_9.1.x86_64" }, "product_reference": "binutils-devel-0:2.27-44.base.el7_9.1.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "binutils-devel-0:2.27-44.base.el7_9.1.i686 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:binutils-devel-0:2.27-44.base.el7_9.1.i686" }, "product_reference": "binutils-devel-0:2.27-44.base.el7_9.1.i686", "relates_to_product_reference": "Red-Hat-7" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-48064", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "notes": [ { "category": "description", "text": "GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "known_affected": [ "Red-Hat-7:binutils-0:2.27-44.base.el7_9.1.tuxcare.els2.x86_64", "Red-Hat-7:binutils-0:2.27-44.base.el7_9.1.tuxcare.els4.x86_64", "Red-Hat-7:binutils-0:2.27-44.base.el7_9.1.x86_64", "Red-Hat-7:binutils-devel-0:2.27-44.base.el7_9.1.i686", "Red-Hat-7:binutils-devel-0:2.27-44.base.el7_9.1.tuxcare.els2.i686", "Red-Hat-7:binutils-devel-0:2.27-44.base.el7_9.1.tuxcare.els2.x86_64", "Red-Hat-7:binutils-devel-0:2.27-44.base.el7_9.1.tuxcare.els4.i686", "Red-Hat-7:binutils-devel-0:2.27-44.base.el7_9.1.tuxcare.els4.x86_64", "Red-Hat-7:binutils-devel-0:2.27-44.base.el7_9.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-48064" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XKYUAIORNQ32IZUOZFURECZKEXOHX7Z/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XKYUAIORNQ32IZUOZFURECZKEXOHX7Z/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KGSKF4GH7425S6XFDQMWTJGD5U47BAZN/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KGSKF4GH7425S6XFDQMWTJGD5U47BAZN/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSUNHSOWWLLNGHRM5TUBNCJHEYHPDX2M/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSUNHSOWWLLNGHRM5TUBNCJHEYHPDX2M/" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20231006-0008/", "url": "https://security.netapp.com/advisory/ntap-20231006-0008/" }, { "category": "external", "summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=29922", "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=29922" }, { "category": "external", "summary": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=8f2c64de86bc3d7556121fe296dd679000283931", "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=8f2c64de86bc3d7556121fe296dd679000283931" } ], "release_date": "2023-08-22T19:16:00Z", "remediations": [ { "category": "no_fix_planned", "details": "CVE-2022-48064 is a local-only denial‑of‑service in GNU binutils’ DWARF parser that occurs only when a user runs a binutils tool (e.g., objdump/readelf/addr2line) on a crafted ELF file, causing that analysis process to exhaust memory. It requires explicit user interaction, yields no code execution, and has no confidentiality or integrity impact—only availability of the invoked utility is affected. As binutils are standalone developer utilities rather than network‑exposed services or components in production execution paths, the practical risk to managed enterprise servers is minimal and this issue can be safely deprioritized.", "product_ids": [ "Red-Hat-7:binutils-0:2.27-44.base.el7_9.1.tuxcare.els2.x86_64", "Red-Hat-7:binutils-0:2.27-44.base.el7_9.1.tuxcare.els4.x86_64", "Red-Hat-7:binutils-0:2.27-44.base.el7_9.1.x86_64", "Red-Hat-7:binutils-devel-0:2.27-44.base.el7_9.1.i686", "Red-Hat-7:binutils-devel-0:2.27-44.base.el7_9.1.tuxcare.els2.i686", "Red-Hat-7:binutils-devel-0:2.27-44.base.el7_9.1.tuxcare.els2.x86_64", "Red-Hat-7:binutils-devel-0:2.27-44.base.el7_9.1.tuxcare.els4.i686", "Red-Hat-7:binutils-devel-0:2.27-44.base.el7_9.1.tuxcare.els4.x86_64", "Red-Hat-7:binutils-devel-0:2.27-44.base.el7_9.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red-Hat-7:binutils-0:2.27-44.base.el7_9.1.tuxcare.els2.x86_64", "Red-Hat-7:binutils-0:2.27-44.base.el7_9.1.tuxcare.els4.x86_64", "Red-Hat-7:binutils-0:2.27-44.base.el7_9.1.x86_64", "Red-Hat-7:binutils-devel-0:2.27-44.base.el7_9.1.i686", "Red-Hat-7:binutils-devel-0:2.27-44.base.el7_9.1.tuxcare.els2.i686", "Red-Hat-7:binutils-devel-0:2.27-44.base.el7_9.1.tuxcare.els2.x86_64", "Red-Hat-7:binutils-devel-0:2.27-44.base.el7_9.1.tuxcare.els4.i686", "Red-Hat-7:binutils-devel-0:2.27-44.base.el7_9.1.tuxcare.els4.x86_64", "Red-Hat-7:binutils-devel-0:2.27-44.base.el7_9.1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] } ] }