CVE-2014-8485

HIGH
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted section group headers in an ELF file.

References

http://lcamtuf.blogspot.co.uk/2014/10/psa-dont-run-strings-on-untrusted-files.html

http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145262.html

http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145328.html

http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145742.html

http://secunia.com/advisories/62241

http://secunia.com/advisories/62746

http://www.mandriva.com/security/advisories?name=MDVSA-2015:029

http://www.openwall.com/lists/oss-security/2014/10/26/2

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

http://www.securityfocus.com/bid/70741

http://www.ubuntu.com/usn/USN-2496-1

https://bugzilla.redhat.com/show_bug.cgi?id=1157276

https://security.gentoo.org/glsa/201612-24

https://sourceware.org/bugzilla/show_bug.cgi?id=17510

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commit;h=493a33860c71cac998f1a56d6d87d6faa801fbaa

Details

Source: MITRE

Published: 2014-12-09

Updated: 2017-07-01

Type: CWE-94

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:a:gnu:binutils:*:*:*:*:*:*:*:* versions up to 2.24 (inclusive)

Tenable Plugins

View all (18 total)

IDNameProductFamilySeverity
124934EulerOS Virtualization 3.0.1.0 : binutils (EulerOS-SA-2019-1431)NessusHuawei Local Security Checks
high
95640GLSA-201612-24 : Binutils: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
87550Scientific Linux Security Update : binutils on SL7.x x86_64 (20151119)NessusScientific Linux Local Security Checks
high
87346Amazon Linux AMI : binutils (ALAS-2015-620)NessusAmazon Linux Local Security Checks
high
87127CentOS 7 : binutils (CESA-2015:2079)NessusCentOS Local Security Checks
high
87018Oracle Linux 7 : binutils (ELSA-2015-2079)NessusOracle Linux Local Security Checks
high
86928RHEL 7 : binutils (RHSA-2015:2079)NessusRed Hat Local Security Checks
high
82301Debian DLA-184-1 : binutils security updateNessusDebian Local Security Checks
high
81255Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : binutils vulnerabilities (USN-2496-1)NessusUbuntu Local Security Checks
high
81195Mandriva Linux Security Advisory : binutils (MDVSA-2015:029-1)NessusMandriva Local Security Checks
high
81076SuSE 11.3 Security Update : binutils (SAT Patch Number 10214)NessusSuSE Local Security Checks
high
80444Debian DSA-3123-1 : binutils - security updateNessusDebian Local Security Checks
high
79766Fedora 21 : avr-binutils-2.24-4.fc21 (2014-14995)NessusFedora Local Security Checks
high
79765Fedora 21 : arm-none-eabi-binutils-cs-2014.05.28-3.fc21 (2014-14888)NessusFedora Local Security Checks
high
79764Fedora 19 : arm-none-eabi-binutils-cs-2014.05.28-3.fc19 (2014-14874)NessusFedora Local Security Checks
high
79763Fedora 19 : avr-binutils-2.24-3.fc19 (2014-14838)NessusFedora Local Security Checks
high
79748Fedora 20 : avr-binutils-2.24-3.fc20 (2014-14963)NessusFedora Local Security Checks
high
79747Fedora 20 : arm-none-eabi-binutils-cs-2014.05.28-3.fc20 (2014-14833)NessusFedora Local Security Checks
high