CVE-2014-8502Improper Restriction of Operations within the Bounds of a Memory Buffer in Binutils

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-122Heap-based Buffer Overflow17 documents8 sources
Severity
7.5HIGHNVD
EPSS
10.7%
top 6.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
GNU BinutilsCanonical Ubuntu LinuxFedoraproject Fedora
Timeline
PublishedDec 9
Latest updateMay 17

Description

Heap-based buffer overflow in the pe_print_edata function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a truncated export table in a PE file.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

Debiangnu/binutils< 2.24.90.20141104-1+3
NVDgnu/binutils2.24

Also affects: Fedora 19, 20, 21, Ubuntu Linux 10.04, 12.04, 14.04, 14.10

🔴Vulnerability Details

3
GHSA
GHSA-chc4-43c9-qrj7: Heap-based buffer overflow in the pe_print_edata function in bfd/peXXigen2022-05-17
CVEList
CVE-2014-8502: Heap-based buffer overflow in the pe_print_edata function in bfd/peXXigen2014-12-09
OSV
CVE-2014-8502: Heap-based buffer overflow in the pe_print_edata function in bfd/peXXigen2014-12-09

📋Vendor Advisories

3
Ubuntu
GNU binutils vulnerabilities2015-02-09
Red Hat
binutils: heap overflow in objdump when parsing a crafted ELF/PE binary file (incomplete fix for CVE-2014-8485)2014-10-28
Debian
CVE-2014-8502: binutils - Heap-based buffer overflow in the pe_print_edata function in bfd/peXXigen.c in G...2014

💬Community

10
Bugzilla
CVE-2014-8502 msp430-binutils: binutils: heap overflow in objdump [fedora-all]2014-11-11
Bugzilla
CVE-2014-8502 arm-none-eabi-binutils-cs: binutils: heap overflow in objdump [fedora-all]2014-11-11
Bugzilla
CVE-2014-8502 binutils: heap overflow in objdump when parsing a crafted ELF/PE binary file (incomplete fix for CVE-2014-8485)2014-11-11
Bugzilla
CVE-2014-8502 cross-binutils: binutils: heap overflow in objdump [epel-all]2014-11-11
Bugzilla
CVE-2014-8502 binutils: heap overflow in objdump [fedora-all]2014-11-11
CVE-2014-8502 — GNU Binutils vulnerability | cvebase