CVE-2014-8738

MEDIUM

Description

The _bfd_slurp_extended_name_table function in bfd/archive.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (invalid write, segmentation fault, and crash) via a crafted extended name table in an archive.

References

http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147346.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147354.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148427.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148438.html

http://secunia.com/advisories/62241

http://secunia.com/advisories/62746

http://www.debian.org/security/2015/dsa-3123

http://www.mandriva.com/security/advisories?name=MDVSA-2015:029

http://www.openwall.com/lists/oss-security/2014/11/02/4

http://www.openwall.com/lists/oss-security/2014/11/05/7

http://www.openwall.com/lists/oss-security/2014/11/13/2

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

http://www.securityfocus.com/bid/71083

http://www.ubuntu.com/usn/USN-2496-1

https://security.gentoo.org/glsa/201612-24

https://sourceware.org/bugzilla/show_bug.cgi?id=17533

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bb0d867169d7e9743d229804106a8fbcab7f3b3f

Details

Source: MITRE

Published: 2015-01-15

Updated: 2017-07-01

Type: CWE-119

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 124934 | EulerOS Virtualization 3.0.1.0 : binutils (EulerOS-SA-2019-1431) | Nessus | Huawei Local Security Checks | high |
| 95640 | GLSA-201612-24 : Binutils: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 87550 | Scientific Linux Security Update : binutils on SL7.x x86_64 (20151119) | Nessus | Scientific Linux Local Security Checks | high |
| 87346 | Amazon Linux AMI : binutils (ALAS-2015-620) | Nessus | Amazon Linux Local Security Checks | high |
| 87127 | CentOS 7 : binutils (CESA-2015:2079) | Nessus | CentOS Local Security Checks | high |
| 87018 | Oracle Linux 7 : binutils (ELSA-2015-2079) | Nessus | Oracle Linux Local Security Checks | high |
| 86928 | RHEL 7 : binutils (RHSA-2015:2079) | Nessus | Red Hat Local Security Checks | high |
| 82301 | Debian DLA-184-1 : binutils security update | Nessus | Debian Local Security Checks | high |
| 81255 | Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : binutils vulnerabilities (USN-2496-1) | Nessus | Ubuntu Local Security Checks | high |
| 81195 | Mandriva Linux Security Advisory : binutils (MDVSA-2015:029-1) | Nessus | Mandriva Local Security Checks | high |
| 81076 | SuSE 11.3 Security Update : binutils (SAT Patch Number 10214) | Nessus | SuSE Local Security Checks | high |
| 80897 | Fedora 21 : binutils-2.24-30.fc21 (2015-0750) | Nessus | Fedora Local Security Checks | medium |
| 80894 | Fedora 20 : cross-binutils-2.25-3.fc20 (2015-0471) | Nessus | Fedora Local Security Checks | high |
| 80444 | Debian DSA-3123-1 : binutils - security update | Nessus | Debian Local Security Checks | high |
| 80326 | Fedora 20 : mingw-binutils-2.24-5.fc20 (2014-17603) | Nessus | Fedora Local Security Checks | high |
| 80321 | Fedora 21 : mingw-binutils-2.25-1.fc21 (2014-17586) | Nessus | Fedora Local Security Checks | high |
| 79766 | Fedora 21 : avr-binutils-2.24-4.fc21 (2014-14995) | Nessus | Fedora Local Security Checks | high |
| 79765 | Fedora 21 : arm-none-eabi-binutils-cs-2014.05.28-3.fc21 (2014-14888) | Nessus | Fedora Local Security Checks | high |
| 79764 | Fedora 19 : arm-none-eabi-binutils-cs-2014.05.28-3.fc19 (2014-14874) | Nessus | Fedora Local Security Checks | high |
| 79763 | Fedora 19 : avr-binutils-2.24-3.fc19 (2014-14838) | Nessus | Fedora Local Security Checks | high |
| 79748 | Fedora 20 : avr-binutils-2.24-3.fc20 (2014-14963) | Nessus | Fedora Local Security Checks | high |
| 79747 | Fedora 20 : arm-none-eabi-binutils-cs-2014.05.28-3.fc20 (2014-14833) | Nessus | Fedora Local Security Checks | high |