CVE-2023-25584— Out of bounds read in parse_module function in bfd/vms-alpha.c

CVSS 6.3 · Medium EPSS 0.01% · P3 Updated Feb 26, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-25584

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Out of bounds read in parse_module function in bfd/vms-alpha.c

Source: NVD (National Vulnerability Database)

Vulnerability Description

An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

跨界内存读

Source: NVD (National Vulnerability Database)

Vulnerability Title

GNU Binutils 缓冲区错误漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

GNU Binutils（GNU Binary Utilities或binutils）是美国GNU社区的开发的一组编程语言工具程序。该程序主要用于处理多种格式的目标文件，并提供有连接器、汇编器和其他用于目标文件和档案的工具。 GNU Binutils 存在安全漏洞，该漏洞源于没有正确验证vms-alpha中长度参数的大小，攻击者可能会利用此漏洞导致崩溃或访问敏感信息。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE
-	binutils	-	-
Red Hat	Red Hat Enterprise Linux 6	-	`cpe:/o:redhat:enterprise_linux:6`
Red Hat	Red Hat Enterprise Linux 7	-	`cpe:/o:redhat:enterprise_linux:7`
Red Hat	Red Hat Enterprise Linux 8	-	`cpe:/o:redhat:enterprise_linux:8`
Red Hat	Red Hat Enterprise Linux 8	-	`cpe:/o:redhat:enterprise_linux:8`
Red Hat	Red Hat Enterprise Linux 8	-	`cpe:/o:redhat:enterprise_linux:8`
Red Hat	Red Hat Enterprise Linux 8	-	`cpe:/o:redhat:enterprise_linux:8`
Red Hat	Red Hat Enterprise Linux 8	-	`cpe:/o:redhat:enterprise_linux:8`
Red Hat	Red Hat Enterprise Linux 9	-	`cpe:/o:redhat:enterprise_linux:9`
Red Hat	Red Hat Enterprise Linux 9	-	`cpe:/o:redhat:enterprise_linux:9`
Red Hat	Red Hat Enterprise Linux 9	-	`cpe:/o:redhat:enterprise_linux:9`
Fedora	Extra Packages for Enterprise Linux 8	-	-
Fedora	Fedora 37	-	-
Fedora	Fedora 36	-	-
Fedora	Fedora	-	-
Fedora	Extra Packages for Enterprise Linux 7	-	-
Fedora	Fedora 37	-	-
Fedora	Fedora 37	-	-
Fedora	Fedora 36	-	-
Fedora	Extra Packages for Enterprise Linux 8	-	-
Fedora	Fedora 36	-	-
Fedora	Fedora 36	-	-
Fedora	Fedora 36	-	-
Fedora	Fedora 37	-	-

II. Public POCs for CVE-2023-25584

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2023-25584

请登录查看更多情报信息。

https://security.netapp.com/advisory/ntap-20231103-0002/
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=77c225bdeb410cf60da804879ad41622f5f1aa44
https://access.redhat.com/security/cve/CVE-2023-25584vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2167467issue-trackingx_refsource_REDHAT
https://nvd.nist.gov/vuln/detail/CVE-2023-25584

Same Patch Batch · n/a · 2023-09-14 · 41 CVEs total

CVE-2023-26141	7.5 HIGH	Mike Perham sidekiq 数据伪造问题漏洞
CVE-2023-32611	5.5 MEDIUM	G_variant_byteswap() can take a long time with some non-normal inputs
CVE-2023-29499	5.5 MEDIUM	Gvariant offset table entry size is not checked in is_normal()
CVE-2023-32665	5.5 MEDIUM	Gvariant deserialisation does not match spec for non-normal data
CVE-2023-25585	4.7 MEDIUM	Field `file_table` of `struct module *module` is uninitialized
CVE-2023-25586	4.7 MEDIUM	Local variable `ch_type` in function `bfd_init_section_decompress_status` can be uninitial
CVE-2023-25588	4.7 MEDIUM	Field `the_bfd` of `asymbol` is uninitialized in function `bfd_mach_o_get_synthetic_symtab
CVE-2023-4965	2.7 LOW	phpipam Header redirect
CVE-2023-37755		i-doit 信任管理问题漏洞
CVE-2023-41588		Atlassian Jira plugin Time to SLA 跨站脚本漏洞
CVE-2023-37739		i-doit 路径遍历漏洞
CVE-2023-41011		China Mobile Intelligent Home Gateway 命令注入漏洞
CVE-2023-39286		Mitel Connect Mobility Router 跨站请求伪造漏洞
CVE-2023-39285		Mitel MiVoice Connect 跨站请求伪造漏洞
CVE-2023-41010		China Telecom Tianyi Home Gateway 安全漏洞
CVE-2023-40779		IceWarp Mail Server 输入验证错误漏洞
CVE-2023-36250		GNOME Time Tracker 注入漏洞
CVE-2023-42180		Lenosp 代码问题漏洞
CVE-2023-42178		Lenosp SQL注入漏洞
CVE-2021-28485		Ericsson Mobile Switching Center Server 路径遍历漏洞

Showing top 20 of 41 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: binutils

Same vendor: n/a

Same weakness: CWE-125

V. Comments for CVE-2023-25584

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2023-25584— Out of bounds read in parse_module function in bfd/vms-alpha.c

I. Basic Information for CVE-2023-25584

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2023-25584

III. Intelligence Information for CVE-2023-25584

Same Patch Batch · n/a · 2023-09-14 · 41 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2023-25584

Leave a comment