Vulnerability CVE-2014-8484


Published: 2014-12-09   Modified: 2016-11-28

Description:
The srec_scan function in bfd/srec.c in libdbfd in GNU binutils before 2.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a small S-record.

Vendor: Fedoraproject
Product: Fedora 
Version:
21
20
19
Vendor: GNU
Product: Binutils 
Version: 2.24;
Vendor: Canonical
Product: Ubuntu linux 
Version:
14.10
14.04
12.04
10.04

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial

 References:
http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145262.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145328.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145742.html
http://openwall.com/lists/oss-security/2014/10/23/5
http://www.mandriva.com/security/advisories?name=MDVSA-2015:029
http://www.openwall.com/lists/oss-security/2014/10/26/2
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.securityfocus.com/bid/70714
http://www.ubuntu.com/usn/USN-2496-1
https://bugzilla.redhat.com/show_bug.cgi?id=1156272
https://sourceware.org/bugzilla/show_bug.cgi?id=17509
https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=bd25671c6f202c4a5108883caa2adb24ff6f361f

Related CVE
CVE-2016-6489
The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack.
CVE-2016-0727
The crontab script in the ntp package before 1:4.2.6.p3+dfsg-1ubuntu3.11 on Ubuntu 12.04 LTS, before 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10 on Ubuntu 14.04 LTS, on Ubuntu Wily, and before 1:4.2.8p4+dfsg-3ubuntu5.3 on Ubuntu 16.04 LTS allows local users wi...
CVE-2015-8567
Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption).
CVE-2017-5936
OpenStack Nova-LXD before 13.1.1 uses the wrong name for the veth pairs when applying Neutron security group rules for instances, which allows remote attackers to bypass intended security restrictions.
CVE-2017-7358
In LightDM through 1.22.0, a directory traversal issue in debian/guest-account.sh allows local attackers to own arbitrary directory path locations and escalate privileges to root when the guest user logs out.
CVE-2017-6964
dmcrypt-get-device, as shipped in the eject package of Debian and Ubuntu, does not check the return value of the (1) setuid or (2) setgid function, which might cause dmcrypt-get-device to execute code, which was intended to run as an unprivileged use...
CVE-2016-9243
HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size.
CVE-2017-6507
An issue was discovered in AppArmor before 2.12. Incorrect handling of unknown AppArmor profiles in AppArmor init scripts, upstart jobs, and/or systemd unit files allows an attacker to possibly have increased attack surfaces of processes that were in...

Copyright 2017, cxsecurity.com