{"id":"UBUNTU-CVE-2022-4285","details":"An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.","modified":"2026-02-04T02:39:46.305468Z","published":"2023-01-27T18:15:00Z","related":["USN-6544-1","USN-6842-1"],"upstream":["CVE-2022-4285"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-4285"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-4285"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-6544-1"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2022-4285"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-6842-1"}],"affected":[{"package":{"name":"gdb","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/gdb@7.11.1-0ubuntu1~16.5+esm1?arch=source&distro=esm-infra/xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.11.1-0ubuntu1~16.5+esm1"}]}],"versions":["7.10-1ubuntu2","7.10-1ubuntu3","7.10.1-0ubuntu1","7.10.90.20160215-0ubuntu2","7.10.90.20160220-0ubuntu1","7.11-0ubuntu1","7.11.1-0ubuntu1~16.04","7.11.1-0ubuntu1~16.5"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro","binaries":[{"binary_version":"7.11.1-0ubuntu1~16.5+esm1","binary_name":"gdb"},{"binary_version":"7.11.1-0ubuntu1~16.5+esm1","binary_name":"gdb-multiarch"},{"binary_version":"7.11.1-0ubuntu1~16.5+esm1","binary_name":"gdb-source"},{"binary_version":"7.11.1-0ubuntu1~16.5+esm1","binary_name":"gdb64"},{"binary_version":"7.11.1-0ubuntu1~16.5+esm1","binary_name":"gdbserver"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-4285.json"}},{"package":{"name":"binutils-avr","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/binutils-avr@2.25+Atmel3.5.0-2?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2.24+Atmel3.4.5-1","2.25+Atmel3.5.0","2.25+Atmel3.5.0-1","2.25+Atmel3.5.0-2"],"ecosystem_specific":{"binaries":[{"binary_version":"2.25+Atmel3.5.0-2","binary_name":"binutils-avr"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-4285.json"}},{"package":{"name":"gdb","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/gdb@8.1.1-0ubuntu1+esm1?arch=source&distro=esm-infra/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.1.1-0ubuntu1+esm1"}]}],"versions":["8.0.1-0ubuntu1","8.0.1-0ubuntu2","8.0.1-0ubuntu3","8.1-0ubuntu1","8.1-0ubuntu2","8.1-0ubuntu3","8.1-0ubuntu3.1","8.1-0ubuntu3.2","8.1.1-0ubuntu1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro","binaries":[{"binary_version":"8.1.1-0ubuntu1+esm1","binary_name":"gdb"},{"binary_version":"8.1.1-0ubuntu1+esm1","binary_name":"gdb-multiarch"},{"binary_version":"8.1.1-0ubuntu1+esm1","binary_name":"gdb-source"},{"binary_version":"8.1.1-0ubuntu1+esm1","binary_name":"gdbserver"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-4285.json"}},{"package":{"name":"binutils-avr","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/binutils-avr@2.26.20160125+Atmel3.6.0-1?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2.26.20160125+Atmel3.6.0-1"],"ecosystem_specific":{"binaries":[{"binary_version":"2.26.20160125+Atmel3.6.0-1","binary_name":"binutils-avr"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-4285.json"}},{"package":{"name":"gdb","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/gdb@9.2-0ubuntu1~20.04.2?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"9.2-0ubuntu1~20.04.2"}]}],"versions":["8.3-0ubuntu1","9.0.50.20191019-0ubuntu1","9.0.50.20191119-0ubuntu1","9.0.90.20191216-0ubuntu1","9.0.90.20200105-0ubuntu1","9.0.90.20200117-0ubuntu1","9.1-0ubuntu1","9.2-0ubuntu1~20.04","9.2-0ubuntu1~20.04.1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"9.2-0ubuntu1~20.04.2","binary_name":"gdb"},{"binary_version":"9.2-0ubuntu1~20.04.2","binary_name":"gdb-multiarch"},{"binary_version":"9.2-0ubuntu1~20.04.2","binary_name":"gdb-source"},{"binary_version":"9.2-0ubuntu1~20.04.2","binary_name":"gdbserver"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-4285.json"}},{"package":{"name":"binutils-avr","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/binutils-avr@2.26.20160125+Atmel3.6.2-1?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2.26.20160125+Atmel3.6.1-4build1","2.26.20160125+Atmel3.6.2-1"],"ecosystem_specific":{"binaries":[{"binary_version":"2.26.20160125+Atmel3.6.2-1","binary_name":"binutils-avr"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-4285.json"}},{"package":{"name":"binutils","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/binutils@2.38-4ubuntu2.4?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.38-4ubuntu2.4"}]}],"versions":["2.37-7ubuntu1","2.37-9ubuntu1","2.37-10ubuntu1","2.37.50.20220106-2ubuntu1","2.37.90.20220126-0ubuntu1","2.37.90.20220130-0ubuntu2","2.38-1ubuntu1","2.38-2ubuntu1","2.38-3ubuntu1","2.38-4ubuntu2","2.38-4ubuntu2.1","2.38-4ubuntu2.2","2.38-4ubuntu2.3"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"2.38-4ubuntu2.4","binary_name":"binutils"},{"binary_version":"2.38-4ubuntu2.4","binary_name":"binutils-aarch64-linux-gnu"},{"binary_version":"2.38-4ubuntu2.4","binary_name":"binutils-alpha-linux-gnu"},{"binary_version":"2.38-4ubuntu2.4","binary_name":"binutils-arm-linux-gnueabi"},{"binary_version":"2.38-4ubuntu2.4","binary_name":"binutils-arm-linux-gnueabihf"},{"binary_version":"2.38-4ubuntu2.4","binary_name":"binutils-common"},{"binary_version":"2.38-4ubuntu2.4","binary_name":"binutils-dev"},{"binary_version":"2.38-4ubuntu2.4","binary_name":"binutils-for-build"},{"binary_version":"2.38-4ubuntu2.4","binary_name":"binutils-for-host"},{"binary_version":"2.38-4ubuntu2.4","binary_name":"binutils-hppa-linux-gnu"},{"binary_version":"2.38-4ubuntu2.4","binary_name":"binutils-hppa64-linux-gnu"},{"binary_version":"2.38-4ubuntu2.4","binary_name":"binutils-i686-gnu"},{"binary_version":"2.38-4ubuntu2.4","binary_name":"binutils-i686-kfreebsd-gnu"},{"binary_version":"2.38-4ubuntu2.4","binary_name":"binutils-i686-linux-gnu"},{"binary_version":"2.38-4ubuntu2.4","binary_name":"binutils-ia64-linux-gnu"},{"binary_version":"2.38-4ubuntu2.4","binary_name":"binutils-m68k-linux-gnu"},{"binary_version":"2.38-4ubuntu2.4","binary_name":"binutils-multiarch"},{"binary_version":"2.38-4ubuntu2.4","binary_name":"binutils-multiarch-dev"},{"binary_version":"2.38-4ubuntu2.4","binary_name":"binutils-powerpc-linux-gnu"},{"binary_version":"2.38-4ubuntu2.4","binary_name":"binutils-powerpc64-linux-gnu"},{"binary_version":"2.38-4ubuntu2.4","binary_name":"binutils-powerpc64le-linux-gnu"},{"binary_version":"2.38-4ubuntu2.4","binary_name":"binutils-riscv64-linux-gnu"},{"binary_version":"2.38-4ubuntu2.4","binary_name":"binutils-s390x-linux-gnu"},{"binary_version":"2.38-4ubuntu2.4","binary_name":"binutils-sh4-linux-gnu"},{"binary_version":"2.38-4ubuntu2.4","binary_name":"binutils-source"},{"binary_version":"2.38-4ubuntu2.4","binary_name":"binutils-sparc64-linux-gnu"},{"binary_version":"2.38-4ubuntu2.4","binary_name":"binutils-x86-64-kfreebsd-gnu"},{"binary_version":"2.38-4ubuntu2.4","binary_name":"binutils-x86-64-linux-gnu"},{"binary_version":"2.38-4ubuntu2.4","binary_name":"binutils-x86-64-linux-gnux32"},{"binary_version":"2.38-4ubuntu2.4","binary_name":"libbinutils"},{"binary_version":"2.38-4ubuntu2.4","binary_name":"libctf-nobfd0"},{"binary_version":"2.38-4ubuntu2.4","binary_name":"libctf0"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-4285.json"}},{"package":{"name":"binutils-avr","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/binutils-avr@2.26.20160125+Atmel3.6.2-4?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2.26.20160125+Atmel3.6.2-2","2.26.20160125+Atmel3.6.2-3","2.26.20160125+Atmel3.6.2-4"],"ecosystem_specific":{"binaries":[{"binary_version":"2.26.20160125+Atmel3.6.2-4","binary_name":"binutils-avr"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-4285.json"}},{"package":{"name":"gdb","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/gdb@12.1-0ubuntu1~22.04.2?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"12.1-0ubuntu1~22.04.2"}]}],"versions":["11.1-0ubuntu2","11.1-0ubuntu3","11.2-0ubuntu1","12.0.50.20220217-0ubuntu1","12.0.90-0ubuntu1","12.1-0ubuntu1~22.04"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"12.1-0ubuntu1~22.04.2","binary_name":"gdb"},{"binary_version":"12.1-0ubuntu1~22.04.2","binary_name":"gdb-multiarch"},{"binary_version":"12.1-0ubuntu1~22.04.2","binary_name":"gdb-source"},{"binary_version":"12.1-0ubuntu1~22.04.2","binary_name":"gdbserver"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-4285.json"}},{"package":{"name":"binutils-avr","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/binutils-avr@2.26.20160125+Atmel3.7.0-2?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2.26.20160125+Atmel3.6.2-8","2.26.20160125+Atmel3.7.0-1","2.26.20160125+Atmel3.7.0-2"],"ecosystem_specific":{"binaries":[{"binary_version":"2.26.20160125+Atmel3.7.0-2","binary_name":"binutils-avr"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-4285.json"}},{"package":{"name":"binutils-avr","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/binutils-avr@2.43.50.20250108-1?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2.43.50.20250108-1"],"ecosystem_specific":{"binaries":[{"binary_version":"2.43.50.20250108-1","binary_name":"binutils-avr"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-4285.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]}