CVE-2014-8738Improper Restriction of Operations within the Bounds of a Memory Buffer in Binutils

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-787Out-of-bounds Write8 documents8 sources
Severity
5.0MEDIUMNVD
EPSS
8.0%
top 7.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
GNU BinutilsCanonical Ubuntu LinuxDebian Linux+1 more
Timeline
PublishedJan 15
Latest updateMay 17

Description

The _bfd_slurp_extended_name_table function in bfd/archive.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (invalid write, segmentation fault, and crash) via a crafted extended name table in an archive.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

Debiangnu/binutils< 2.24.90.20141124-1+3
NVDgnu/binutils2.24

Also affects: Debian Linux 7.0, Fedora 20, 21, Ubuntu Linux 10.04, 12.04, 14.04, 14.10

🔴Vulnerability Details

3
GHSA
GHSA-p59q-qc7h-7hgg: The _bfd_slurp_extended_name_table function in bfd/archive2022-05-17
CVEList
CVE-2014-8738: The _bfd_slurp_extended_name_table function in bfd/archive2015-01-15
OSV
CVE-2014-8738: The _bfd_slurp_extended_name_table function in bfd/archive2015-01-15

📋Vendor Advisories

3
Ubuntu
GNU binutils vulnerabilities2015-02-09
Red Hat
binutils: out of bounds memory write2014-11-02
Debian
CVE-2014-8738: binutils - The _bfd_slurp_extended_name_table function in bfd/archive.c in GNU binutils 2.2...2014

💬Community

1
Bugzilla
CVE-2014-8738 binutils: out of bounds memory write2014-11-11
CVE-2014-8738 — GNU Binutils vulnerability | cvebase