CVE-2022-47696: 
NixOS vulnerability analysis and mitigation

An issue was discovered in Binutils objdump before version 2.39.3 that allows attackers to cause a denial of service or other unspecified impacts via the function compare_symbols. The vulnerability was disclosed in December 2022 and published in August 2023, affecting GNU Binutils software package (NVD).

The vulnerability has been assigned a CVSS v3.1 Base Score of 7.8 (High), with the following vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The issue stems from an uninitialized field 'thebfd' of 'asymbol' in the function 'bfdmachogetsyntheticsymtab', which can lead to a segmentation fault when processing certain inputs (Sourceware Bugzilla).

The vulnerability can result in denial of service conditions and potentially other unspecified impacts when processing maliciously crafted input files. The high CVSS score indicates potential severe impacts on confidentiality, integrity, and availability of the affected systems (NVD).

The vulnerability has been fixed in Binutils version 2.39.3. Various Linux distributions have released patched versions: Ubuntu 22.04 LTS (2.38-4ubuntu2.2), Ubuntu 20.04 LTS (2.34-6ubuntu1.5), Ubuntu 18.04 LTS (2.30-21ubuntu1~18.04.9), and Ubuntu 16.04 LTS (2.26.1-1ubuntu1~16.04.8+esm6). Users are advised to upgrade to the latest patched version (Ubuntu).