CVE-2012-3509 — Integer Overflow or Wraparound in Binutils
CWE-189, CWE-190 — Integer Overflow or Wraparound, CWE-122 — Heap-based Buffer Overflow
13 documents, 8 sources
Severity
5.0 MEDIUM (NVD)
EPSS
1.7%
top 17.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Sep 5
Latest update: May 17
Description
Multiple integer overflows in the (1) _objalloc_alloc function in objalloc.c and (2) objalloc_alloc macro in include/objalloc.h in GNU libiberty, as used by binutils 2.22, allow remote attackers to cause a denial of service (crash) via vectors related to the "addition of CHUNK_HEADER_SIZE to the length," which triggers a heap-based buffer overflow.
CVSS vector
AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9
Affected Packages: 2 packages
Also affects: Debian Linux 7.0, Ubuntu Linux 10.04, 12.04, 14.04, 14.10
Patches
Vulnerability Details (3)
GHSA
GHSA-pjv6-3frr-mr92: Multiple integer overflows in the (1) _objalloc_alloc function in objalloc (2022-05-17)
OSV
CVE-2012-3509: Multiple integer overflows in the (1) _objalloc_alloc function in objalloc (2012-09-05)
CVEList
CVE-2012-3509: Multiple integer overflows in the (1) _objalloc_alloc function in objalloc (2012-09-05)
Vendor Advisories (3)
Community (6)
Bugzilla
CVE-2012-3509 libiberty: integer overflow, leading to heap-buffer overflow by processing certain file headers via bfd binary [fedora-all] (2012-09-26)