Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-4807Improper Restriction of Operations within the Bounds of a Memory Buffer in Binutils

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer7 documents7 sources
Severity
7.5HIGHNVD
EPSS
6.3%
top 9.06%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
GNU BinutilsCanonical Ubuntu Linux
Timeline
PublishedDec 31
Latest updateMay 1

Description

Stack-based buffer overflow in the as_bad function in messages.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 20050721 allows attackers to execute arbitrary code via a .c file with crafted inline assembly code.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

NVDgnu/binutils< 2.17
Debiangnu/binutils< 2.17-1+3

Also affects: Ubuntu Linux 5.04, 5.10

Patches

Patch: bugs.gentoo.orgPatch: secunia.comPatch: secunia.com

🔴Vulnerability Details

3
GHSA
GHSA-f884-r5wp-g6v3: Stack-based buffer overflow in the as_bad function in messages2022-05-01
CVEList
CVE-2005-4807: Stack-based buffer overflow in the as_bad function in messages2006-08-18
OSV
CVE-2005-4807: Stack-based buffer overflow in the as_bad function in messages2005-12-31

💥Exploits & PoCs

1
Exploit-DB
GNU BinUtils 2.1x - GAS Buffer Overflow2006-08-17

📋Vendor Advisories

2
Debian
CVE-2005-4807: binutils - Stack-based buffer overflow in the as_bad function in messages.c in the GNU as (...2005
Red Hat
CVE-2005-4807: Stack-based buffer overflow in the as_bad function in messages
CVE-2005-4807 — GNU Binutils vulnerability | cvebase