Vulnerability Details : CVE-2014-8502
Heap-based buffer overflow in the pe_print_edata function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a truncated export table in a PE file.
Vulnerability category: OverflowDenial of service
Products affected by CVE-2014-8502
- cpe:2.3:a:gnu:binutils:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-8502
0.90%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 83 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-8502
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2014-8502
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-8502
-
http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145742.html
[SECURITY] Fedora 19 Update: avr-binutils-2.24-3.fc19Third Party Advisory
-
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5a4b0ccc20ba30caef53b01bee2c0aaa5b855339
sourceware.org Git - binutils-gdb.git/commitPatch;Issue Tracking
-
http://www.ubuntu.com/usn/USN-2496-1
USN-2496-1: GNU binutils vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://sourceware.org/bugzilla/show_bug.cgi?id=17512
17512 – libbfd/binutils: crashes on fuzzed samplesExploit;Issue Tracking
-
http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145262.html
[SECURITY] Fedora 20 Update: avr-binutils-2.24-3.fc20Third Party Advisory
-
http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145328.html
[SECURITY] Fedora 21 Update: avr-binutils-2.24-4.fc21Third Party Advisory
-
http://www.securityfocus.com/bid/70869
binutils CVE-2014-8502 Heap Based Buffer Overflow VulnerabilityThird Party Advisory;VDB Entry
-
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
Oracle Linux Bulletin - October 2015
-
http://www.openwall.com/lists/oss-security/2014/10/31/1
oss-security - Re: strings / libbfd crasherMailing List;Third Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=1162594
1162594 – (CVE-2014-8502) CVE-2014-8502 binutils: heap overflow in objdump when parsing a crafted ELF/PE binary file (incomplete fix for CVE-2014-8485)Issue Tracking
-
http://www.mandriva.com/security/advisories?name=MDVSA-2015:029
mandriva.comBroken Link
-
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147354.html
[SECURITY] Fedora 21 Update: mingw-binutils-2.25-1.fc21Third Party Advisory
-
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147346.html
[SECURITY] Fedora 20 Update: mingw-binutils-2.24-5.fc20Third Party Advisory
-
https://security.gentoo.org/glsa/201612-24
Binutils: Multiple vulnerabilities (GLSA 201612-24) — Gentoo security
-
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148427.html
[SECURITY] Fedora 20 Update: cross-binutils-2.25-3.fc20Third Party Advisory
Jump to