CVE-2014-8501 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Binutils
Severity
7.5HIGHNVD
EPSS
7.9%
top 7.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedDec 9
Latest updateMay 17
Description
The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) and possibly have other unspecified impact via a crafted NumberOfRvaAndSizes field in the AOUT header in a PE executable.
CVSS vector
AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4
Affected Packages3 packages
Also affects: Fedora 19, 20, 21, Ubuntu Linux 10.04, 12.04, 14.04, 14.10
🔴Vulnerability Details
5📋Vendor Advisories
4💬Community
10Bugzilla▶
CVE-2014-8501 msp430-binutils: binutils: out-of-bounds write when parsing specially crafted PE executable [fedora-all]↗2014-11-11
Bugzilla▶
CVE-2014-8501 cross-binutils: binutils: out-of-bounds write when parsing specially crafted PE executable [epel-all]↗2014-11-11
Bugzilla▶
CVE-2014-8501 cross-binutils: binutils: out-of-bounds write when parsing specially crafted PE executable [fedora-all]↗2014-11-11
Bugzilla▶
CVE-2014-8501 binutils: out-of-bounds write when parsing specially crafted PE executable [fedora-all]↗2014-11-11
Bugzilla▶
CVE-2014-8501 mingw-binutils: binutils: out-of-bounds write when parsing specially crafted PE executable [epel-all]↗2014-11-11