Vulnerability Details : CVE-2014-8503
Stack-based buffer overflow in the ihex_scan function in bfd/ihex.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted ihex file.
Vulnerability category: OverflowDenial of service
Products affected by CVE-2014-8503
- cpe:2.3:a:gnu:binutils:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-8503
0.90%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 83 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-8503
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2014-8503
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-8503
-
http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145742.html
[SECURITY] Fedora 19 Update: avr-binutils-2.24-3.fc19Third Party Advisory
-
http://www.ubuntu.com/usn/USN-2496-1
USN-2496-1: GNU binutils vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://sourceware.org/bugzilla/show_bug.cgi?id=17512
17512 – libbfd/binutils: crashes on fuzzed samplesExploit;Issue Tracking
-
http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145262.html
[SECURITY] Fedora 20 Update: avr-binutils-2.24-3.fc20Third Party Advisory
-
http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145328.html
[SECURITY] Fedora 21 Update: avr-binutils-2.24-4.fc21Third Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=1162607
1162607 – (CVE-2014-8503) CVE-2014-8503 binutils: stack overflow in objdump when parsing specially crafted ihex fileIssue Tracking
-
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
Oracle Linux Bulletin - October 2015
-
http://www.openwall.com/lists/oss-security/2014/10/31/1
oss-security - Re: strings / libbfd crasherMailing List;Third Party Advisory
-
http://www.mandriva.com/security/advisories?name=MDVSA-2015:029
mandriva.comBroken Link
-
http://www.securityfocus.com/bid/70868
binutils 'ihex.c' Stack Based Buffer Overflow VulnerabilityThird Party Advisory;VDB Entry
-
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147354.html
[SECURITY] Fedora 21 Update: mingw-binutils-2.25-1.fc21Third Party Advisory
-
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147346.html
[SECURITY] Fedora 20 Update: mingw-binutils-2.24-5.fc20Third Party Advisory
-
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commit;h=0102ea8cec5fc509bba6c91df61b7ce23a799d32
sourceware.org Git - binutils-gdb.git/commitPatch;Issue Tracking
-
https://security.gentoo.org/glsa/201612-24
Binutils: Multiple vulnerabilities (GLSA 201612-24) — Gentoo security
-
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148427.html
[SECURITY] Fedora 20 Update: cross-binutils-2.25-3.fc20Third Party Advisory
Jump to