Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2014-8485

Опубликовано: 24 окт. 2014
Источник: redhat
CVSS2: 6.8
EPSS Низкий

Описание

The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted section group headers in an ELF file.

A buffer overflow flaw was found in the way various binutils utilities processed certain files. If a user were tricked into processing a specially crafted file, it could cause the utility used to process that file to crash or, potentially, execute arbitrary code with the privileges of the user running that utility.

Отчет

Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Developer Toolset 2.1devtoolset-2-binutilsWill not fix
Red Hat Enterprise Linux 5binutilsWill not fix
Red Hat Enterprise Linux 5binutils220Will not fix
Red Hat Enterprise Linux 6binutilsWill not fix
Red Hat Enterprise Linux 6mingw32-binutilsWill not fix
Red Hat Enterprise Linux 7binutilsFixedRHSA-2015:207919.11.2015

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-822
https://bugzilla.redhat.com/show_bug.cgi?id=1157276binutils: lack of range checking leading to controlled write in _bfd_elf_setup_sections()

EPSS

Процентиль: 89%
0.04328
Низкий

6.8 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2014-8485

ubuntu
больше 10 лет назад

The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted section group headers in an ELF file.

nvd логотип

CVE-2014-8485

nvd
больше 10 лет назад

The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted section group headers in an ELF file.

debian логотип

CVE-2014-8485

debian
больше 10 лет назад

The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24 a ...

github логотип

GHSA-67h2-mpm8-hmxf

github
больше 3 лет назад

The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted section group headers in an ELF file.

oracle-oval логотип

ELSA-2015-2079

oracle-oval
почти 10 лет назад

ELSA-2015-2079: binutils security, bug fix, and enhancement update (MODERATE)

EPSS

Процентиль: 89%
0.04328
Низкий

6.8 Medium

CVSS2