CVE-2012-3509
Published: 5 September 2012
Multiple integer overflows in the (1) _objalloc_alloc function in objalloc.c and (2) objalloc_alloc macro in include/objalloc.h in GNU libiberty, as used by binutils 2.22, allow remote attackers to cause a denial of service (crash) via vectors related to the "addition of CHUNK_HEADER_SIZE to the length," which triggers a heap-based buffer overflow.
Priority
Status
Package | Release | Status |
---|---|---|
binutils Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Released
(2.20.1-3ubuntu7.2)
|
|
natty |
Ignored
(end of life)
|
|
oneiric |
Ignored
(end of life)
|
|
precise |
Released
(2.22-6ubuntu1.2)
|
|
quantal |
Ignored
(end of life)
|
|
raring |
Ignored
(end of life)
|
|
saucy |
Ignored
(end of life)
|
|
trusty |
Not vulnerable
(2.24-5ubuntu3)
|
|
upstream |
Needs triage
|
|
utopic |
Not vulnerable
(2.24.90.20141014-0ubuntu3)
|
|
Patches: upstream: http://gcc.gnu.org/ml/gcc-patches/2012-08/msg01986.html upstream: https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=191413 |