CVE-2014-8501
Published: 9 December 2014
The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) and possibly have other unspecified impact via a crafted NumberOfRvaAndSizes field in the AOUT header in a PE executable.
Notes
| Author | Note |
|---|---|
| sbeattie | binutils USN description: Hanno Böck discovered that the _bfd_XXi_swap_aouthdr_in function in libbfd in GNU binutils allowed out-of-bounds writes. An attacker could use this to craft input that could cause a denial of service (application crash) or possibly execute arbitrary code. |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
binutils Launchpad, Ubuntu, Debian |
lucid |
Released
(2.20.1-3ubuntu7.2)
|
| precise |
Released
(2.22-6ubuntu1.2)
|
|
| trusty |
Released
(2.24-5ubuntu3.1)
|
|
| upstream |
Needs triage
|
|
| utopic |
Released
(2.24.90.20141014-0ubuntu3.1)
|
|
| vivid |
Not vulnerable
(2.24.90.20141111-2ubuntu1)
|
|
| wily |
Not vulnerable
(2.24.90.20141111-2ubuntu1)
|
|
| xenial |
Not vulnerable
(2.24.90.20141111-2ubuntu1)
|
|
| yakkety |
Not vulnerable
(2.24.90.20141111-2ubuntu1)
|
|
| zesty |
Not vulnerable
(2.24.90.20141111-2ubuntu1)
|
|
|
Patches: upstream: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e1e19887abd24aeb15066b141cdff5541e0ec8e |
||
|
gdb Launchpad, Ubuntu, Debian |
lucid |
Ignored
(end of life)
|
| precise |
Ignored
(end of life)
|
|
| trusty |
Released
(7.7.1-0ubuntu5~14.04.3)
|
|
| upstream |
Needs triage
|
|
| utopic |
Ignored
(end of life)
|
|
| vivid |
Ignored
(end of life)
|
|
| wily |
Ignored
(end of life)
|
|
| xenial |
Not vulnerable
(7.11.1-0ubuntu1~16.04)
|
|
| yakkety |
Not vulnerable
(7.11.90.20161005-0ubuntu2)
|
|
| zesty |
Not vulnerable
(7.12.50.20170314-0ubuntu1)
|
|