CVE-2014-8503

HIGH
Description

Stack-based buffer overflow in the ihex_scan function in bfd/ihex.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted ihex file.

References

http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145262.html

http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145328.html

http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145742.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147346.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147354.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148427.html

http://secunia.com/advisories/62241

http://secunia.com/advisories/62746

http://www.mandriva.com/security/advisories?name=MDVSA-2015:029

http://www.openwall.com/lists/oss-security/2014/10/31/1

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

http://www.securityfocus.com/bid/70868

http://www.ubuntu.com/usn/USN-2496-1

https://bugzilla.redhat.com/show_bug.cgi?id=1162607

https://security.gentoo.org/glsa/201612-24

https://sourceware.org/bugzilla/show_bug.cgi?id=17512

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commit;h=0102ea8cec5fc509bba6c91df61b7ce23a799d32

Details

Source: MITRE

Published: 2014-12-09

Updated: 2017-07-01

Type: CWE-119

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Tenable Plugins

| ID | Name | Product | Family | Severity |
| --- | --- | --- | --- | --- |
| 124934 | EulerOS Virtualization 3.0.1.0 : binutils (EulerOS-SA-2019-1431) | Nessus | Huawei Local Security Checks | high |
| 95640 | GLSA-201612-24 : Binutils: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 87550 | Scientific Linux Security Update : binutils on SL7.x x86_64 (20151119) | Nessus | Scientific Linux Local Security Checks | high |
| 87346 | Amazon Linux AMI : binutils (ALAS-2015-620) | Nessus | Amazon Linux Local Security Checks | high |
| 87127 | CentOS 7 : binutils (CESA-2015:2079) | Nessus | CentOS Local Security Checks | high |
| 87018 | Oracle Linux 7 : binutils (ELSA-2015-2079) | Nessus | Oracle Linux Local Security Checks | high |
| 86928 | RHEL 7 : binutils (RHSA-2015:2079) | Nessus | Red Hat Local Security Checks | high |
| 82301 | Debian DLA-184-1 : binutils security update | Nessus | Debian Local Security Checks | high |
| 82064 | FreeBSD : GNU binutils -- multiple vulnerabilities (f6a014cd-d268-11e4-8339-001e679db764) | Nessus | FreeBSD Local Security Checks | high |
| 81255 | Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : binutils vulnerabilities (USN-2496-1) | Nessus | Ubuntu Local Security Checks | high |
| 81195 | Mandriva Linux Security Advisory : binutils (MDVSA-2015:029-1) | Nessus | Mandriva Local Security Checks | high |
| 81076 | SuSE 11.3 Security Update : binutils (SAT Patch Number 10214) | Nessus | SuSE Local Security Checks | high |
| 80894 | Fedora 20 : cross-binutils-2.25-3.fc20 (2015-0471) | Nessus | Fedora Local Security Checks | high |
| 80444 | Debian DSA-3123-1 : binutils - security update | Nessus | Debian Local Security Checks | high |
| 80326 | Fedora 20 : mingw-binutils-2.24-5.fc20 (2014-17603) | Nessus | Fedora Local Security Checks | high |
| 80321 | Fedora 21 : mingw-binutils-2.25-1.fc21 (2014-17586) | Nessus | Fedora Local Security Checks | high |
| 79766 | Fedora 21 : avr-binutils-2.24-4.fc21 (2014-14995) | Nessus | Fedora Local Security Checks | high |
| 79763 | Fedora 19 : avr-binutils-2.24-3.fc19 (2014-14838) | Nessus | Fedora Local Security Checks | high |
| 79748 | Fedora 20 : avr-binutils-2.24-3.fc20 (2014-14963) | Nessus | Fedora Local Security Checks | high |