exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 25 RSS Feed

CVE-2022-4285

Status Candidate

Overview

An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.

Related Files

Ubuntu Security Notice USN-6544-1
Posted Dec 11, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6544-1 - It was discovered that GNU binutils incorrectly handled certain COFF files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. It was discovered that GNU binutils was not properly performing bounds checks in several functions, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service, expose sensitive information or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-19726, CVE-2022-35205, CVE-2022-38533, CVE-2022-4285
SHA-256 | 9f2d15cd39eb8aa25961b37f885531e1ac117b562c6ee00429e116f924ee59f1
Red Hat Security Advisory 2023-7394-01
Posted Nov 22, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-7394-01 - An update for binutils is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a null pointer vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-4285
SHA-256 | 46970c8469ddba80ca17ba60c89e56c1547502aa32725b53826c71afd9cab02e
Red Hat Security Advisory 2023-6593-01
Posted Nov 13, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-6593-01 - An update for binutils is now available for Red Hat Enterprise Linux 9. Issues addressed include a null pointer vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-4285
SHA-256 | 7a09aa07f9f63c58027888c2722808e5f6a6aabbf723e45f017d87300be92a8d
Red Hat Security Advisory 2023-6236-01
Posted Nov 13, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-6236-01 - An update for binutils is now available for Red Hat Enterprise Linux 8. Issues addressed include a null pointer vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-4285
SHA-256 | 6159a177bdaeacd45d6c19f682a3b8650a38b16ed2d90f990212796a624405f6
Gentoo Linux Security Advisory 202309-15
Posted Oct 2, 2023
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202309-15 - Multiple vulnerabilities have been found in GNU Binutils, the worst of which could result in denial of service. Versions greater than or equal to 2.40 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2022-38126, CVE-2022-38127, CVE-2022-38128, CVE-2022-38533, CVE-2022-4285, CVE-2023-1579, CVE-2023-1972
SHA-256 | 86ddcc309764b6b66059868311e9f0b2422e461c8da2f228600256baa9c81ff0
Gentoo Linux Security Advisory 202305-32
Posted May 30, 2023
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202305-32 - Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in arbitrary code execution. Versions greater than or equal to 2.40.1 are affected.

tags | advisory, arbitrary, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2022-32885, CVE-2022-32886, CVE-2022-32888, CVE-2022-32891, CVE-2022-32923, CVE-2022-42799, CVE-2022-42823, CVE-2022-42824, CVE-2022-42826, CVE-2022-42852, CVE-2022-42856, CVE-2022-42863, CVE-2022-42867, CVE-2022-46691
SHA-256 | 906ab1ece4af058a436e7f776c3157d7dbe079d880f2fc7014b44b4ea3fab838
Red Hat Security Advisory 2023-3269-01
Posted May 24, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3269-01 - The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities. Issues addressed include buffer overflow and null pointer vulnerabilities.

tags | advisory, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2021-3826, CVE-2022-4285
SHA-256 | a289180fa7285e4d383b228c646180c2d4e702f9b90480dcf8cd3802e8af9b79
Red Hat Security Advisory 2023-2834-01
Posted May 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2834-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include buffer overflow, bypass, code execution, information leakage, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, web, overflow, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2022-32886, CVE-2022-32888, CVE-2022-32923, CVE-2022-42799, CVE-2022-42823, CVE-2022-42824, CVE-2022-42826, CVE-2022-42852, CVE-2022-42863, CVE-2022-42867, CVE-2022-46691, CVE-2022-46692, CVE-2022-46698, CVE-2022-46699
SHA-256 | 6a679e9dc0d3212115b238f42e43baea6a5e8542be4f1c84823386414d8836cb
Red Hat Security Advisory 2023-2873-01
Posted May 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2873-01 - The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities. Issues addressed include a null pointer vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-4285
SHA-256 | 2511429317e75ef67435d655c0c9a8627cffcaa58f29c2dd01de3bac59fa5fe3
Red Hat Security Advisory 2023-2256-01
Posted May 9, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2256-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include buffer overflow, bypass, code execution, information leakage, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, web, overflow, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2022-32886, CVE-2022-32888, CVE-2022-32923, CVE-2022-42799, CVE-2022-42823, CVE-2022-42824, CVE-2022-42826, CVE-2022-42852, CVE-2022-42863, CVE-2022-42867, CVE-2022-46691, CVE-2022-46692, CVE-2022-46698, CVE-2022-46699
SHA-256 | c78b6b040671645ff6447422206821720744b5b0c57d3fee6c3de3b6593dcdbb
Apple Security Advisory 2023-01-23-3
Posted Jan 24, 2023
Authored by Apple | Site apple.com

Apple Security Advisory 2023-01-23-3 - iOS 12.5.7 addresses a code execution vulnerability.

tags | advisory, code execution
systems | apple, ios
advisories | CVE-2022-42856
SHA-256 | ca20c54235d1a4f84eeec3a278849a37e4ef1d9e2f491eaed9b3aa083fde48a7
libCoreEntitlements CEContextQuery Arbitrary Entitlement Returns
Posted Jan 13, 2023
Authored by Ivan Fratric, Google Security Research

On newer macOS/iOS versions, entitlements in binary signature blobs are stored in the DER format. libCoreEntitlements.dylib is the userspace library for parsing and querying such entitlements. The kernel has its own version of this library inside the AppleMobileFileIntegrity module. libCoreEntitlements exposes several functions, such as, for example, to convert entitlements to a dictionary representation (e.g. CEQueryContextToCFDictionary) or to query a specific entitlement (CEContextQuery). Unfortunately, different functions traverse the DER structure in a subtly different way, which allows one API to see one set of entitlements and another API to see a different set of entitlements.

tags | exploit, kernel
systems | apple, ios
advisories | CVE-2022-42855
SHA-256 | 9313c983a56ba7500d8b9861b16b1c103ae3a9454de12a836126f89cec59a1b8
Ubuntu Security Notice USN-5797-1
Posted Jan 10, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5797-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2022-42852, CVE-2022-46698
SHA-256 | 7d038cf5cf0d352110b29efd7ebf03b7f41defff9ed3da1235cfdddef29584cd
Red Hat Security Advisory 2023-0021-01
Posted Jan 5, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0021-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include a code execution vulnerability.

tags | advisory, web, code execution
systems | linux, redhat
advisories | CVE-2022-42856
SHA-256 | 380feba1edc129a40491caee760575dd2da40706caf7f32c9ef7e91807e7c062
Red Hat Security Advisory 2023-0016-01
Posted Jan 4, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0016-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include a code execution vulnerability.

tags | advisory, web, code execution
systems | linux, redhat
advisories | CVE-2022-42856
SHA-256 | 856ff1b00766475f24b08c50c63bdd2842a0f41702c155c94a49b75d00a796f3
Debian Security Advisory 5309-1
Posted Jan 2, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5309-1 - Vulnerabilities have been discovered in the WPE WebKit web engine. hazbinhotel discovered that processing maliciously crafted web content may result in the disclosure of process memory. KirtiKumar Anandrao Ramchandani discovered that processing maliciously crafted web content may bypass Same Origin Policy. Dohyun Lee and Ryan Shin discovered that processing maliciously crafted web content may disclose sensitive user information. Various other issues have also been addressed.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2022-42852, CVE-2022-42856, CVE-2022-42867, CVE-2022-46692, CVE-2022-46698, CVE-2022-46699, CVE-2022-46700
SHA-256 | b6a4ddff8422c104447a74d4cd2afa4b8991b2e496ca694ad77acf12e52cc9e6
Debian Security Advisory 5308-1
Posted Jan 2, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5308-1 - Vulnerabilities have been discovered in the WebKitGTK web engine. hazbinhotel discovered that processing maliciously crafted web content may result in the disclosure of process memory. Maddie Stone discovered that processing maliciously crafted web content may lead to arbitrary code execution. KirtiKumar Anandrao Ramchandani discovered that processing maliciously crafted web content may bypass Same Origin Policy. Multiple other issues were also addressed.

tags | advisory, web, arbitrary, vulnerability, code execution
systems | linux, debian
advisories | CVE-2022-42852, CVE-2022-42856, CVE-2022-42867, CVE-2022-46692, CVE-2022-46698, CVE-2022-46699, CVE-2022-46700
SHA-256 | 14928aa1c41eb7f7fba504e112497c87923df5cb9caf334ac3fa7072e2ab78aa
Apple Security Advisory 2022-12-13-9
Posted Dec 22, 2022
Authored by Apple | Site apple.com

Apple Security Advisory 2022-12-13-9 - Safari 16.2 addresses bypass, code execution, and use-after-free vulnerabilities.

tags | advisory, vulnerability, code execution
systems | apple
advisories | CVE-2022-42852, CVE-2022-42856, CVE-2022-42863, CVE-2022-42867, CVE-2022-46691, CVE-2022-46692, CVE-2022-46696, CVE-2022-46698, CVE-2022-46699, CVE-2022-46700
SHA-256 | 87491cf833b3a49e10aa9918314bf6489321d8e04cec6939d195cb3f70c77dc2
Apple Security Advisory 2022-12-13-8
Posted Dec 22, 2022
Authored by Apple | Site apple.com

Apple Security Advisory 2022-12-13-8 - watchOS 9.2 addresses bypass, code execution, integer overflow, out of bounds write, spoofing, and use-after-free vulnerabilities.

tags | advisory, overflow, spoof, vulnerability, code execution
systems | apple
advisories | CVE-2022-40303, CVE-2022-40304, CVE-2022-42837, CVE-2022-42842, CVE-2022-42843, CVE-2022-42845, CVE-2022-42849, CVE-2022-42852, CVE-2022-42859, CVE-2022-42863, CVE-2022-42864, CVE-2022-42865, CVE-2022-42866, CVE-2022-42867
SHA-256 | cbfa8ceb09614901b4b0bb05115fb58ae50c3fb04ef6395b18e75c81436f174b
Apple Security Advisory 2022-12-13-7
Posted Dec 22, 2022
Authored by Apple | Site apple.com

Apple Security Advisory 2022-12-13-7 - tvOS 16.2 addresses bypass, code execution, integer overflow, out of bounds write, spoofing, and use-after-free vulnerabilities.

tags | advisory, overflow, spoof, vulnerability, code execution
systems | apple
advisories | CVE-2022-40303, CVE-2022-40304, CVE-2022-42842, CVE-2022-42843, CVE-2022-42845, CVE-2022-42848, CVE-2022-42849, CVE-2022-42851, CVE-2022-42852, CVE-2022-42855, CVE-2022-42856, CVE-2022-42863, CVE-2022-42864, CVE-2022-42865
SHA-256 | 74ff4e02487d4bc615b6697e750a64c98e8fc416e7a5b739eed037fe127f069f
Apple Security Advisory 2022-12-13-5
Posted Dec 22, 2022
Authored by Apple | Site apple.com

Apple Security Advisory 2022-12-13-5 - macOS Monterey 12.6.2 addresses bypass, code execution, and integer overflow vulnerabilities.

tags | advisory, overflow, vulnerability, code execution
systems | apple
advisories | CVE-2022-32942, CVE-2022-40303, CVE-2022-40304, CVE-2022-42821, CVE-2022-42840, CVE-2022-42841, CVE-2022-42842, CVE-2022-42845, CVE-2022-42854, CVE-2022-42855, CVE-2022-42861, CVE-2022-42864, CVE-2022-46689
SHA-256 | 79a709b247d426bc8ab1d7a71fb6c94fddc8ffaba7db1441df2a880027444228
Apple Security Advisory 2022-12-13-4
Posted Dec 22, 2022
Authored by Apple | Site apple.com

Apple Security Advisory 2022-12-13-4 - macOS Ventura 13.1 addresses bypass, code execution, out of bounds access, out of bounds write, spoofing, and use-after-free vulnerabilities.

tags | advisory, spoof, vulnerability, code execution
systems | apple
advisories | CVE-2022-24836, CVE-2022-29181, CVE-2022-32942, CVE-2022-32943, CVE-2022-42837, CVE-2022-42840, CVE-2022-42841, CVE-2022-42842, CVE-2022-42843, CVE-2022-42845, CVE-2022-42847, CVE-2022-42852, CVE-2022-42853, CVE-2022-42854
SHA-256 | b3bbef4a98914d0e5167d5e357e15f513f9d357c6df7cfdad446ecc8856061ac
Apple Security Advisory 2022-12-13-3
Posted Dec 22, 2022
Authored by Apple | Site apple.com

Apple Security Advisory 2022-12-13-3 - iOS 16.1.2 addresses a code execution vulnerability.

tags | advisory, code execution
systems | apple, ios
advisories | CVE-2022-42856
SHA-256 | 3b5d9bba95f3634a64c2835668e5a726e2c51758bd9516987236fb25666d5d7f
Apple Security Advisory 2022-12-13-2
Posted Dec 22, 2022
Authored by Apple | Site apple.com

Apple Security Advisory 2022-12-13-2 - iOS 15.7.2 and iPadOS 15.7.2 addresses bypass, code execution, integer overflow, out of bounds write, and spoofing vulnerabilities.

tags | advisory, overflow, spoof, vulnerability, code execution
systems | apple, ios
advisories | CVE-2022-40303, CVE-2022-40304, CVE-2022-42837, CVE-2022-42840, CVE-2022-42846, CVE-2022-42848, CVE-2022-42852, CVE-2022-42855, CVE-2022-42856, CVE-2022-42861, CVE-2022-42864, CVE-2022-46689, CVE-2022-46691, CVE-2022-46692
SHA-256 | e526cdedd8ce35da09dee49922c773c4c21c09a4f4ffb9a56567d00adb6def9c
Apple Security Advisory 2022-12-13-1
Posted Dec 22, 2022
Authored by Apple | Site apple.com

Apple Security Advisory 2022-12-13-1 - iOS 16.2 and iPadOS 16.2 addresses bypass, code execution, out of bounds write, spoofing, and use-after-free vulnerabilities.

tags | advisory, spoof, vulnerability, code execution
systems | apple, ios
advisories | CVE-2022-32943, CVE-2022-42837, CVE-2022-42840, CVE-2022-42842, CVE-2022-42843, CVE-2022-42844, CVE-2022-42845, CVE-2022-42846, CVE-2022-42848, CVE-2022-42849, CVE-2022-42850, CVE-2022-42851, CVE-2022-42852, CVE-2022-42855
SHA-256 | 78f3785639474b90779ccf98f62a9a102f01f943fd8dbf08927b91ea945c5a8c
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close