CVE-2014-8484 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Binutils

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-839 — Numeric Range Comparison Without Minimum Check8 documents8 sources

Severity

5.0MEDIUMNVD

EPSS

2.8%

top 13.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Binutils Canonical Ubuntu Linux Fedoraproject Fedora

Timeline

PublishedDec 9

Latest updateMay 17

Description

The srec_scan function in bfd/srec.c in libdbfd in GNU binutils before 2.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a small S-record.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶Debiangnu/binutils< 2.24.51.20140903-1+3

▶NVDgnu/binutils2.24

Also affects: Fedora 19, 20, 21, Ubuntu Linux 10.04, 12.04, 14.04, 14.10

🔴Vulnerability Details

GHSA

GHSA-4xrc-9849-6cr3: The srec_scan function in bfd/srec↗2022-05-17

▶

OSV

CVE-2014-8484: The srec_scan function in bfd/srec↗2014-12-09

▶

CVEList

CVE-2014-8484: The srec_scan function in bfd/srec↗2014-12-09

▶

📋Vendor Advisories

Ubuntu

GNU binutils vulnerabilities↗2015-02-09

▶

Red Hat

binutils: invalid read flaw in libbfd↗2014-10-20

▶

Debian

CVE-2014-8484: binutils - The srec_scan function in bfd/srec.c in libdbfd in GNU binutils before 2.25 allo...↗2014

▶

💬Community

Bugzilla

CVE-2014-8484 binutils: invalid read flaw in libbfd↗2014-10-24

▶