CVE-2014-8484MEDIUM
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
The srec_scan function in bfd/srec.c in libdbfd in GNU binutils before 2.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a small S-record.
References
http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145262.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145328.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145742.html
http://openwall.com/lists/oss-security/2014/10/23/5
http://secunia.com/advisories/62241
http://secunia.com/advisories/62746
http://www.mandriva.com/security/advisories?name=MDVSA-2015:029
http://www.openwall.com/lists/oss-security/2014/10/26/2
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.securityfocus.com/bid/70714
http://www.ubuntu.com/usn/USN-2496-1
https://bugzilla.redhat.com/show_bug.cgi?id=1156272
https://security.gentoo.org/glsa/201612-24
https://sourceware.org/bugzilla/show_bug.cgi?id=17509
https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=bd25671c6f202c4a5108883caa2adb24ff6f361f
Vulnerable Software
Configuration 1
OR
cpe:2.3:a:gnu:binutils:*:*:*:*:*:*:*:* versions up to 2.24 (inclusive)
Configuration 2
OR
cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*
Configuration 3
OR
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 124934 | EulerOS Virtualization 3.0.1.0 : binutils (EulerOS-SA-2019-1431) | Nessus | Huawei Local Security Checks | high |
| 95640 | GLSA-201612-24 : Binutils: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 87550 | Scientific Linux Security Update : binutils on SL7.x x86_64 (20151119) | Nessus | Scientific Linux Local Security Checks | high |
| 87346 | Amazon Linux AMI : binutils (ALAS-2015-620) | Nessus | Amazon Linux Local Security Checks | high |
| 87127 | CentOS 7 : binutils (CESA-2015:2079) | Nessus | CentOS Local Security Checks | high |
| 87018 | Oracle Linux 7 : binutils (ELSA-2015-2079) | Nessus | Oracle Linux Local Security Checks | high |
| 86928 | RHEL 7 : binutils (RHSA-2015:2079) | Nessus | Red Hat Local Security Checks | high |
| 82301 | Debian DLA-184-1 : binutils security update | Nessus | Debian Local Security Checks | high |
| 81255 | Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : binutils vulnerabilities (USN-2496-1) | Nessus | Ubuntu Local Security Checks | high |
| 81195 | Mandriva Linux Security Advisory : binutils (MDVSA-2015:029-1) | Nessus | Mandriva Local Security Checks | high |
| 81076 | SuSE 11.3 Security Update : binutils (SAT Patch Number 10214) | Nessus | SuSE Local Security Checks | high |
| 80444 | Debian DSA-3123-1 : binutils - security update | Nessus | Debian Local Security Checks | high |
| 79766 | Fedora 21 : avr-binutils-2.24-4.fc21 (2014-14995) | Nessus | Fedora Local Security Checks | high |
| 79763 | Fedora 19 : avr-binutils-2.24-3.fc19 (2014-14838) | Nessus | Fedora Local Security Checks | high |
| 79748 | Fedora 20 : avr-binutils-2.24-3.fc20 (2014-14963) | Nessus | Fedora Local Security Checks | high |