CVE-2012-3509

Published: 29 Aug 2012
Source: redhat
CVSS2: 6.8
EPSS: Low

Description

Multiple integer overflows in the (1) _objalloc_alloc function in objalloc.c and (2) objalloc_alloc macro in include/objalloc.h in GNU libiberty, as used by binutils 2.22, allow remote attackers to cause a denial of service (crash) via vectors related to the "addition of CHUNK_HEADER_SIZE to the length," which triggers a heap-based buffer overflow.

Report

The versions of the gdb package, as shipped with Red Hat Enterprise Linux 5 and 6, are vulnerable to the original libiberty integer overflow flaw. But due to the way of subsequent processing of the previously insufficiently pre-allocated libiberty buffer within gdb code, the impact of this issue is limited to crash only. Red Hat Security Response Team does not consider crash of end-user application, such as gdb, to be a security flaw.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | binutils | Under investigation | | |
| Red Hat Enterprise Linux 5 | binutils220 | Under investigation | | |
| Red Hat Enterprise Linux 5 | compat-gcc-295 | Not affected | | |
| Red Hat Enterprise Linux 5 | compat-gcc-296 | Not affected | | |
| Red Hat Enterprise Linux 5 | compat-gcc-32 | Not affected | | |
| Red Hat Enterprise Linux 5 | compat-gcc-34 | Not affected | | |
| Red Hat Enterprise Linux 5 | crash | Under investigation | | |
| Red Hat Enterprise Linux 5 | gcc | Not affected | | |
| Red Hat Enterprise Linux 5 | gcc44 | Not affected | | |
| Red Hat Enterprise Linux 5 | gdb | Not affected | | |

Additional information

Status: Moderate
Defect: CWE-190->CWE-122
https://bugzilla.redhat.com/show_bug.cgi?id=849693
libiberty: integer overflow, leading to heap-buffer overflow by processing certain file headers via bfd binary

EPSS: 0.01748 (percentile: 82%), Low

CVSS2: 6.8 Medium

Related vulnerabilities

ubuntu
more than 13 years ago

Multiple integer overflows in the (1) _objalloc_alloc function in objalloc.c and (2) objalloc_alloc macro in include/objalloc.h in GNU libiberty, as used by binutils 2.22, allow remote attackers to cause a denial of service (crash) via vectors related to the "addition of CHUNK_HEADER_SIZE to the length," which triggers a heap-based buffer overflow.

nvd
more than 13 years ago

Multiple integer overflows in the (1) _objalloc_alloc function in objalloc.c and (2) objalloc_alloc macro in include/objalloc.h in GNU libiberty, as used by binutils 2.22, allow remote attackers to cause a denial of service (crash) via vectors related to the "addition of CHUNK_HEADER_SIZE to the length," which triggers a heap-based buffer overflow.

debian
more than 13 years ago

Multiple integer overflows in the (1) _objalloc_alloc function in obja ...

suse-cvrf
more than 10 years ago

Optional update for gcc5, binutils and gdb

github
more than 3 years ago

Multiple integer overflows in the (1) _objalloc_alloc function in objalloc.c and (2) objalloc_alloc macro in include/objalloc.h in GNU libiberty, as used by binutils 2.22, allow remote attackers to cause a denial of service (crash) via vectors related to the "addition of CHUNK_HEADER_SIZE to the length," which triggers a heap-based buffer overflow.
