usn-2496-1
Vulnerability from osv_ubuntu
Michal Zalewski discovered that the setup_group function in libbfd in GNU binutils did not properly check group headers in ELF files. An attacker could use this to craft input that could cause a denial of service (application crash) or possibly execute arbitrary code. (CVE-2014-8485)
Hanno Böck discovered that the _bfd_XXi_swap_aouthdr_in function in libbfd in GNU binutils allowed out-of-bounds writes. An attacker could use this to craft input that could cause a denial of service (application crash) or possibly execute arbitrary code. (CVE-2014-8501)
Hanno Böck discovered a heap-based buffer overflow in the pe_print_edata function in libbfd in GNU binutils. An attacker could use this to craft input that could cause a denial of service (application crash) or possibly execute arbitrary code. (CVE-2014-8502)
Alexander Cherepanov discovered multiple directory traversal vulnerabilities in GNU binutils. An attacker could use this to craft input that could delete arbitrary files. (CVE-2014-8737)
Alexander Cherepanov discovered the _bfd_slurp_extended_name_table function in libbfd in GNU binutils allowed invalid writes when handling extended name tables in an archive. An attacker could use this to craft input that could cause a denial of service (application crash) or possibly execute arbitrary code. (CVE-2014-8738)
Hanno Böck discovered a stack-based buffer overflow in the ihex_scan function in libbfd in GNU binutils. An attacker could use this to craft input that could cause a denial of service (application crash). (CVE-2014-8503)
Michal Zalewski discovered a stack-based buffer overflow in the srec_scan function in libbfd in GNU binutils. An attacker could use this to to craft input that could cause a denial of service (application crash); the GNU C library's Fortify Source printf protection should prevent the possibility of executing arbitrary code. (CVE-2014-8504)
Michal Zalewski discovered that the srec_scan function in libbfd in GNU binutils allowed out-of-bounds reads. An attacker could use this to craft input to cause a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 12.04 LTS, and Ubuntu 10.04 LTS. (CVE-2014-8484)
Sang Kil Cha discovered multiple integer overflows in the _objalloc_alloc function and objalloc_alloc macro in binutils. This could allow an attacker to cause a denial of service (application crash). This issue only affected Ubuntu 12.04 LTS and Ubuntu 10.04 LTS. (CVE-2012-3509)
Alexander Cherepanov and Hanno Böck discovered multiple additional out-of-bounds reads and writes in GNU binutils. An attacker could use these to craft input that could cause a denial of service (application crash) or possibly execute arbitrary code. A few of these issues may be limited in exposure to a denial of service (application abort) by the GNU C library's Fortify Source printf protection.
The strings(1) utility in GNU binutils used libbfd by default when examining executable object files; unfortunately, libbfd was not originally developed with the expectation of hostile input. As a defensive measure, the behavior of strings has been changed to default to 'strings --all' behavior, which does not use libbfd; use the new argument to strings, '--data', to recreate the old behavior.
{
"affected": [
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2014-8484",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2014-8485",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2014-8501",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2014-8502",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2014-8503",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2014-8504",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2014-8737",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2014-8738",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:14.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "binutils",
"binary_version": "2.24-5ubuntu3.1"
},
{
"binary_name": "binutils-multiarch",
"binary_version": "2.24-5ubuntu3.1"
},
{
"binary_name": "binutils-source",
"binary_version": "2.24-5ubuntu3.1"
},
{
"binary_name": "binutils-static",
"binary_version": "2.24-5ubuntu3.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "binutils",
"purl": "pkg:deb/ubuntu/binutils@2.24-5ubuntu3.1?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.24-5ubuntu3.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.23.52.20130913-0ubuntu1",
"2.23.90.20131017-1ubuntu1",
"2.23.90.20131116-1ubuntu1",
"2.23.91.20131123-1ubuntu1",
"2.24-1ubuntu1",
"2.24-1ubuntu2",
"2.24-2ubuntu1",
"2.24-2ubuntu2",
"2.24-2ubuntu3",
"2.24-4ubuntu1",
"2.24-5ubuntu1",
"2.24-5ubuntu2",
"2.24-5ubuntu3"
]
}
],
"aliases": [],
"details": "Michal Zalewski discovered that the setup_group function in libbfd in\nGNU binutils did not properly check group headers in ELF files. An\nattacker could use this to craft input that could cause a denial\nof service (application crash) or possibly execute arbitrary code.\n(CVE-2014-8485)\n\nHanno B\u00f6ck discovered that the _bfd_XXi_swap_aouthdr_in function\nin libbfd in GNU binutils allowed out-of-bounds writes. An\nattacker could use this to craft input that could cause a denial\nof service (application crash) or possibly execute arbitrary code.\n(CVE-2014-8501)\n\nHanno B\u00f6ck discovered a heap-based buffer overflow in the\npe_print_edata function in libbfd in GNU binutils. An attacker\ncould use this to craft input that could cause a denial of service\n(application crash) or possibly execute arbitrary code. (CVE-2014-8502)\n\nAlexander Cherepanov discovered multiple directory traversal\nvulnerabilities in GNU binutils. An attacker could use this to craft\ninput that could delete arbitrary files. (CVE-2014-8737)\n\nAlexander Cherepanov discovered the _bfd_slurp_extended_name_table\nfunction in libbfd in GNU binutils allowed invalid writes when handling\nextended name tables in an archive. An attacker could use this to\ncraft input that could cause a denial of service (application crash)\nor possibly execute arbitrary code. (CVE-2014-8738)\n\nHanno B\u00f6ck discovered a stack-based buffer overflow in the ihex_scan\nfunction in libbfd in GNU binutils. An attacker could use this\nto craft input that could cause a denial of service (application\ncrash). (CVE-2014-8503)\n\nMichal Zalewski discovered a stack-based buffer overflow in the\nsrec_scan function in libbfd in GNU binutils. An attacker could\nuse this to to craft input that could cause a denial of service\n(application crash); the GNU C library\u0027s Fortify Source printf\nprotection should prevent the possibility of executing arbitrary code.\n(CVE-2014-8504)\n\nMichal Zalewski discovered that the srec_scan function in libbfd\nin GNU binutils allowed out-of-bounds reads. An attacker could\nuse this to craft input to cause a denial of service. This issue\nonly affected Ubuntu 14.04 LTS, Ubuntu 12.04 LTS, and Ubuntu 10.04\nLTS. (CVE-2014-8484)\n\nSang Kil Cha discovered multiple integer overflows in the\n_objalloc_alloc function and objalloc_alloc macro in binutils. This\ncould allow an attacker to cause a denial of service (application\ncrash). This issue only affected Ubuntu 12.04 LTS and Ubuntu 10.04 LTS.\n(CVE-2012-3509)\n\nAlexander Cherepanov and Hanno B\u00f6ck discovered multiple additional\nout-of-bounds reads and writes in GNU binutils. An attacker could use\nthese to craft input that could cause a denial of service (application\ncrash) or possibly execute arbitrary code. A few of these issues may\nbe limited in exposure to a denial of service (application abort)\nby the GNU C library\u0027s Fortify Source printf protection.\n\nThe strings(1) utility in GNU binutils used libbfd by default when\nexamining executable object files; unfortunately, libbfd was not\noriginally developed with the expectation of hostile input. As\na defensive measure, the behavior of strings has been changed to\ndefault to \u0027strings --all\u0027 behavior, which does not use libbfd; use\nthe new argument to strings, \u0027--data\u0027, to recreate the old behavior.\n",
"id": "USN-2496-1",
"modified": "2026-04-22T07:36:32Z",
"published": "2015-02-09T21:39:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2496-1"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2012-3509"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2014-8484"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2014-8485"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2014-8501"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2014-8502"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2014-8503"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2014-8504"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2014-8737"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2014-8738"
}
],
"related": [],
"schema_version": "1.7.0",
"summary": "binutils vulnerabilities",
"upstream": [
"UBUNTU-CVE-2012-3509",
"UBUNTU-CVE-2014-8484",
"UBUNTU-CVE-2014-8485",
"UBUNTU-CVE-2014-8501",
"UBUNTU-CVE-2014-8502",
"UBUNTU-CVE-2014-8503",
"UBUNTU-CVE-2014-8504",
"UBUNTU-CVE-2014-8737",
"UBUNTU-CVE-2014-8738"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.