CVE-2014-8737
published 2014-12-09CVE-2014-8737: Multiple directory traversal vulnerabilities in GNU binutils 2.24 and earlier allow local users to delete arbitrary files via a .. (dot dot) or full path name…
low3.6CVSS 3.1
AVLACLAuNCNIPAP
Multiple directory traversal vulnerabilities in GNU binutils 2.24 and earlier allow local users to delete arbitrary files via a .. (dot dot) or full path name in an archive to (1) strip or (2) objcopy or create arbitrary files via (3) a .. (dot dot) or full path name in an archive to ar.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | binutils | < binutils 2.24.90.20141124-1 (bookworm) | binutils 2.24.90.20141124-1 (bookworm) |
| debian | binutils-mingw-w64 | < binutils 2.24.90.20141124-1 (bookworm) | binutils 2.24.90.20141124-1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| gnu | binutils | <= 2.24 | — |
| gnu | binutils | >= 0 < 2.24.90.20141124-1 | 2.24.90.20141124-1 |
| gnu | binutils | >= 0 < 2.24.90.20141124-1 | 2.24.90.20141124-1 |
| gnu | binutils | >= 0 < 2.24.90.20141124-1 | 2.24.90.20141124-1 |
| gnu | binutils | >= 0 < 2.24.90.20141124-1 | 2.24.90.20141124-1 |
| gnu | binutils | >= 0 < 2.24-5ubuntu3.1 | 2.24-5ubuntu3.1 |
CVSS provenance
nvd3.6LOWAV:L/AC:L/Au:N/C:N/I:P/A:P
osv7.5HIGH