CVE-2014-8501 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:P/I:P/A:P

Base Score

CVSS 3.x

EPSS Score

Percentile: 90%

Affected Products (NVD)

Vendor	Product	Version
gnu	binutils	𝑥 ≤ 2.24
canonical	ubuntu_linux	10.04
canonical	ubuntu_linux	12.04
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	14.10

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

binutils

bookworm	2.40-2 fixed
bullseye	2.35.2-2 fixed
sid	2.43.1-5 fixed
trixie	2.43.1-5 fixed

binutils-mingw-w64

bookworm	10.4 fixed
bullseye	8.11 fixed
sid	12 fixed
trixie	12 fixed

gdb

bookworm	unimportant
bullseye	unimportant
sid	unimportant
trixie	unimportant

Ubuntu Releases

Ubuntu Product

Codename

binutils

lucid	Fixed 2.20.1-3ubuntu7.2 released
precise	Fixed 2.22-6ubuntu1.2 released
trusty	Fixed 2.24-5ubuntu3.1 released
utopic	Fixed 2.24.90.20141014-0ubuntu3.1 released
vivid	not-affected
wily	not-affected
xenial	not-affected
yakkety	not-affected
zesty	not-affected

gdb

lucid	ignored
precise	ignored
trusty	Fixed 7.7.1-0ubuntu5~14.04.3 released
utopic	ignored
vivid	ignored
wily	ignored
xenial	not-affected
yakkety	not-affected
zesty	not-affected

Known Exploits!

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145262.html

http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145328.html

http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145742.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147346.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147354.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148427.html

http://secunia.com/advisories/62241

http://secunia.com/advisories/62746

http://www.mandriva.com/security/advisories?name=MDVSA-2015:029

http://www.openwall.com/lists/oss-security/2014/10/26/3

http://www.openwall.com/lists/oss-security/2014/10/31/1

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

http://www.securityfocus.com/bid/70866

http://www.ubuntu.com/usn/USN-2496-1

https://bugzilla.redhat.com/show_bug.cgi?id=1162570

https://security.gentoo.org/glsa/201612-24

https://sourceware.org/bugzilla/show_bug.cgi?id=17512

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=7e1e19887abd24aeb15066b141cdff5541e0ec8e

http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145262.html

http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145328.html

http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145742.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147346.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147354.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148427.html

http://secunia.com/advisories/62241

http://secunia.com/advisories/62746

http://www.mandriva.com/security/advisories?name=MDVSA-2015:029

http://www.openwall.com/lists/oss-security/2014/10/26/3

http://www.openwall.com/lists/oss-security/2014/10/31/1

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

http://www.securityfocus.com/bid/70866

http://www.ubuntu.com/usn/USN-2496-1

https://bugzilla.redhat.com/show_bug.cgi?id=1162570

https://security.gentoo.org/glsa/201612-24

https://sourceware.org/bugzilla/show_bug.cgi?id=17512

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=7e1e19887abd24aeb15066b141cdff5541e0ec8e