CVE-2014-8737 — Path Traversal in Binutils

CWE-22 — Path Traversal8 documents8 sources

Severity

3.6LOWNVD

EPSS

0.1%

top 80.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Binutils Canonical Ubuntu Linux Fedoraproject Fedora

Timeline

PublishedDec 9

Latest updateMay 17

Description

Multiple directory traversal vulnerabilities in GNU binutils 2.24 and earlier allow local users to delete arbitrary files via a .. (dot dot) or full path name in an archive to (1) strip or (2) objcopy or create arbitrary files via (3) a .. (dot dot) or full path name in an archive to ar.

CVSS vector

AV:L/AC:L/C:N/I:P/A:PExploitability: 3.9 | Impact: 4.9

Affected Packages2 packages

▶Debiangnu/binutils< 2.24.90.20141124-1+3

▶NVDgnu/binutils2.24

Also affects: Fedora 19, 20, 21, Ubuntu Linux 10.04, 12.04, 14.04, 14.10

🔴Vulnerability Details

GHSA

GHSA-p54r-q4hv-rx4g: Multiple directory traversal vulnerabilities in GNU binutils 2↗2022-05-17

▶

OSV

CVE-2014-8737: Multiple directory traversal vulnerabilities in GNU binutils 2↗2014-12-09

▶

CVEList

CVE-2014-8737: Multiple directory traversal vulnerabilities in GNU binutils 2↗2014-12-09

▶

📋Vendor Advisories

Ubuntu

GNU binutils vulnerabilities↗2015-02-09

▶

Red Hat

binutils: directory traversal vulnerability↗2014-11-04

▶

Debian

CVE-2014-8737: binutils - Multiple directory traversal vulnerabilities in GNU binutils 2.24 and earlier al...↗2014

▶

💬Community

Bugzilla

CVE-2014-8737 binutils: directory traversal vulnerability↗2014-11-11

▶