CVE-2014-9939 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Binutils

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121 — Stack-based Buffer Overflow9 documents8 sources

Severity

9.8CRITICALNVD

EPSS

0.4%

top 40.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Binutils GNU GDB

Timeline

PublishedMar 21

Latest updateMay 17

Description

ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow when printing bad bytes in Intel Hex objects.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶Debiangnu/binutils< 2.25.90.20151125-1+3

▶NVDgnu/binutils2.25

▶Debiangnu/gdb< 7.10-1+3

Patches

Patch: sourceware.org ↗Patch: sourceware.org ↗

🔴Vulnerability Details

GHSA

GHSA-84xq-q4jm-5r6c: ihex↗2022-05-17

▶

OSV

gdb vulnerabilities↗2017-07-26

▶

OSV

CVE-2014-9939: ihex↗2017-03-21

▶

CVEList

CVE-2014-9939: ihex↗2017-03-21

▶

📋Vendor Advisories

Ubuntu

gdb vulnerabilities↗2017-07-26

▶

Red Hat

binutils: buffer overflow in ihex.c↗2015-07-31

▶

Debian

CVE-2014-9939: binutils - ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow when printin...↗2014

▶

💬Community

Bugzilla

CVE-2014-9939 binutils: buffer overflow in ihex.c↗2015-08-04

▶