CVE-2023-25585— Field `file_table` of `struct module *module` is uninitialized

CVSS 4.7 · Medium EPSS 0.02% · P6 Updated Feb 26, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-25585

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Field `file_table` of `struct module *module` is uninitialized

Source: NVD (National Vulnerability Database)

Vulnerability Description

A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

使用未经初始化的变量

Source: NVD (National Vulnerability Database)

Vulnerability Title

GNU Binutils 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

GNU Binutils（GNU Binary Utilities或binutils）是美国GNU社区的开发的一组编程语言工具程序。该程序主要用于处理多种格式的目标文件，并提供有连接器、汇编器和其他用于目标文件和档案的工具。 GNU Binutils存在安全漏洞，该漏洞源于没有正确初始化struct模块的file_table字段和asymbol的the_bfd字段，攻击者可能会利用此漏洞导致崩溃。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE
-	binutils	-	-
Red Hat	Red Hat Enterprise Linux 6	-	`cpe:/o:redhat:enterprise_linux:6`
Red Hat	Red Hat Enterprise Linux 7	-	`cpe:/o:redhat:enterprise_linux:7`
Red Hat	Red Hat Enterprise Linux 8	-	`cpe:/o:redhat:enterprise_linux:8`
Red Hat	Red Hat Enterprise Linux 8	-	`cpe:/o:redhat:enterprise_linux:8`
Red Hat	Red Hat Enterprise Linux 8	-	`cpe:/o:redhat:enterprise_linux:8`
Red Hat	Red Hat Enterprise Linux 9	-	`cpe:/o:redhat:enterprise_linux:9`
Red Hat	Red Hat Enterprise Linux 9	-	`cpe:/o:redhat:enterprise_linux:9`
Fedora	Fedora 37	-	-
Fedora	Fedora 37	-	-
Fedora	Fedora 36	-	-
Fedora	Fedora 37	-	-
Fedora	Fedora 36	-	-
Fedora	Extra Packages for Enterprise Linux 8	-	-
Fedora	Fedora 37	-	-
Fedora	Extra Packages for Enterprise Linux 7	-	-
Fedora	Extra Packages for Enterprise Linux 8	-	-
Fedora	Fedora 36	-	-
Fedora	Fedora	-	-
Fedora	Fedora 36	-	-
Fedora	Fedora 36	-	-

II. Public POCs for CVE-2023-25585

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2023-25585

请登录查看更多情报信息。

https://access.redhat.com/security/cve/CVE-2023-25585vdb-entryx_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20231103-0003/
https://sourceware.org/bugzilla/show_bug.cgi?id=29892
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=65cf035b8dc1df5d8020e0b1449514a3c42933e7
https://bugzilla.redhat.com/show_bug.cgi?id=2167498issue-trackingx_refsource_REDHAT
https://nvd.nist.gov/vuln/detail/CVE-2023-25585

Same Patch Batch · n/a · 2023-09-14 · 41 CVEs total

CVE-2023-26141	7.5 HIGH	Mike Perham sidekiq 数据伪造问题漏洞
CVE-2023-25584	6.3 MEDIUM	Out of bounds read in parse_module function in bfd/vms-alpha.c
CVE-2023-32611	5.5 MEDIUM	G_variant_byteswap() can take a long time with some non-normal inputs
CVE-2023-29499	5.5 MEDIUM	Gvariant offset table entry size is not checked in is_normal()
CVE-2023-32665	5.5 MEDIUM	Gvariant deserialisation does not match spec for non-normal data
CVE-2023-25586	4.7 MEDIUM	Local variable `ch_type` in function `bfd_init_section_decompress_status` can be uninitial
CVE-2023-25588	4.7 MEDIUM	Field `the_bfd` of `asymbol` is uninitialized in function `bfd_mach_o_get_synthetic_symtab
CVE-2023-4965	2.7 LOW	phpipam Header redirect
CVE-2023-37755		i-doit 信任管理问题漏洞
CVE-2023-41588		Atlassian Jira plugin Time to SLA 跨站脚本漏洞
CVE-2023-37739		i-doit 路径遍历漏洞
CVE-2023-41011		China Mobile Intelligent Home Gateway 命令注入漏洞
CVE-2023-39286		Mitel Connect Mobility Router 跨站请求伪造漏洞
CVE-2023-39285		Mitel MiVoice Connect 跨站请求伪造漏洞
CVE-2023-41010		China Telecom Tianyi Home Gateway 安全漏洞
CVE-2023-40779		IceWarp Mail Server 输入验证错误漏洞
CVE-2023-36250		GNOME Time Tracker 注入漏洞
CVE-2023-42180		Lenosp 代码问题漏洞
CVE-2023-42178		Lenosp SQL注入漏洞
CVE-2021-28485		Ericsson Mobile Switching Center Server 路径遍历漏洞

Showing top 20 of 41 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: binutils

Same vendor: n/a

Same weakness: CWE-457

V. Comments for CVE-2023-25585

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2023-25585— Field `file_table` of `struct module *module` is uninitialized

I. Basic Information for CVE-2023-25585

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2023-25585

III. Intelligence Information for CVE-2023-25585

Same Patch Batch · n/a · 2023-09-14 · 41 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2023-25585

Leave a comment