CVE-2014-8501
Published: 9 December 2014
The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) and possibly have other unspecified impact via a crafted NumberOfRvaAndSizes field in the AOUT header in a PE executable.
Notes
Author | Note |
---|---|
sbeattie | binutils USN description: Hanno Böck discovered that the _bfd_XXi_swap_aouthdr_in function in libbfd in GNU binutils allowed out-of-bounds writes. An attacker could use this to craft input that could cause a denial of service (application crash) or possibly execute arbitrary code. |
Priority
Status
Package | Release | Status |
---|---|---|
binutils (Launchpad, Ubuntu, Debian) | lucid | Released (2.20.1-3ubuntu7.2) |
binutils | precise | Released (2.22-6ubuntu1.2) |
binutils | trusty | Released (2.24-5ubuntu3.1) |
binutils | upstream | Needs triage |
binutils | utopic | Released (2.24.90.20141014-0ubuntu3.1) |
binutils | vivid | Not vulnerable (2.24.90.20141111-2ubuntu1) |
binutils | wily | Not vulnerable (2.24.90.20141111-2ubuntu1) |
binutils | xenial | Not vulnerable (2.24.90.20141111-2ubuntu1) |
binutils | yakkety | Not vulnerable (2.24.90.20141111-2ubuntu1) |
binutils | zesty | Not vulnerable (2.24.90.20141111-2ubuntu1) |

Patches: upstream: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e1e19887abd24aeb15066b141cdff5541e0ec8e

Package | Release | Status |
---|---|---|
gdb (Launchpad, Ubuntu, Debian) | lucid | Ignored (end of life) |
gdb | precise | Ignored (end of life) |
gdb | trusty | Released (7.7.1-0ubuntu5~14.04.3) |
gdb | upstream | Needs triage |
gdb | utopic | Ignored (end of life) |
gdb | vivid | Ignored (end of life) |
gdb | wily | Ignored (end of life) |
gdb | xenial | Not vulnerable (7.11.1-0ubuntu1~16.04) |
gdb | yakkety | Not vulnerable (7.11.90.20161005-0ubuntu2) |
gdb | zesty | Not vulnerable (7.12.50.20170314-0ubuntu1) |