Published: 09/12/2014 Updated: 07/11/2023

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU binutils 2.24 and previous versions allows remote malicious users to cause a denial of service (out-of-bounds write) and possibly have other unspecified impact via a crafted NumberOfRvaAndSizes field in the AOUT header in a PE executable.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gnu binutils
canonical ubuntu linux 12.04
canonical ubuntu linux 14.10
canonical ubuntu linux 14.04
canonical ubuntu linux 10.04
fedoraproject fedora 20
fedoraproject fedora 21
fedoraproject fedora 19

Synopsis Moderate: binutils security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic Updated binutils packages that fix multiple security issues, several bugs,and add various enhancements are now available for Red Hat EnterpriseLinux 7Red Hat Product Security has rated this ...

Multiple security issues have been found in binutils, a toolbox for binary file manipulation These vulnerabilities include multiple memory safety errors, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code, the bypass of security restrictions, path traversal attack or denial of service For ...

Applications from GNU binutils could be made to crash, run programs, or delete arbitrary files as your login if they opened a specially crafted file ...

Several security issues were fixed in gdb ...

A directory traversal flaw was found in the strip and objcopy utilities A specially crafted file could cause strip or objdump to overwrite an arbitrary file writable by the user running either of these utilities A buffer overflow flaw was found in the way various binutils utilities processed certain files If a user were tricked into processing a ...

A stack-based buffer overflow flaw was found in the way various binutils utilities processed certain files If a user were tricked into processing a specially crafted file, it could cause the utility used to process that file to crash or, potentially, execute arbitrary code with the privileges of the user running that utility ...

CWE-119 http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145742.html http://www.openwall.com/lists/oss-security/2014/10/31/1 http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145262.html https://sourceware.org/bugzilla/show_bug.cgi?id=17512 https://bugzilla.redhat.com/show_bug.cgi?id=1162570 http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145328.html http://www.openwall.com/lists/oss-security/2014/10/26/3 http://secunia.com/advisories/62241 http://secunia.com/advisories/62746 http://www.ubuntu.com/usn/USN-2496-1 http://www.mandriva.com/security/advisories?name=MDVSA-2015:029 http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147346.html http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148427.html http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147354.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid/70866 https://security.gentoo.org/glsa/201612-24 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=7e1e19887abd24aeb15066b141cdff5541e0ec8e https://access.redhat.com/errata/RHSA-2015:2079 https://nvd.nist.gov https://usn.ubuntu.com/2496-1/https://access.redhat.com/security/cve/cve-2014-8501 https://www.debian.org/security/./dsa-3123

CVE-2014-8501

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect