Lucene search

PRIOn knowledge basePRION:CVE-2012-3509

HistorySep 05, 2012 - 11:55 p.m.

Integer overflow

2012-09-0523:55:00

PRIOn knowledge base

www.prio-n.com

7.1 High

AI Score

Confidence

Low

0.023 Low

EPSS

Percentile

89.8%

JSON

Multiple integer overflows in the (1) _objalloc_alloc function in objalloc.c and (2) objalloc_alloc macro in include/objalloc.h in GNU libiberty, as used by binutils 2.22, allow remote attackers to cause a denial of service (crash) via vectors related to the “addition of CHUNK_HEADER_SIZE to the length,” which triggers a heap-based buffer overflow.

CPENameOperatorVersion
ubuntu_linuxeq12.04
ubuntu_linuxeq14.10
ubuntu_linuxeq14.04
ubuntu_linuxeq10.04
debian_linuxeq7.0
binutilseq2.22

Name	Operator	Version
ubuntu_linux	eq	12.04
ubuntu_linux	eq	14.10
ubuntu_linux	eq	14.04
ubuntu_linux	eq	10.04
debian_linux	eq	7.0
binutils	eq	2.22

References

gcc.gnu.org/bugzilla/show_bug.cgi?id=54411

gcc.gnu.org/ml/gcc-patches/2012-08/msg01986.html

security-tracker.debian.org/tracker/CVE-2012-3509

www.mandriva.com/security/advisories?name=MDVSA-2015:029

www.openwall.com/lists/oss-security/2012/08/29/3

www.securityfocus.com/bid/55281

www.ubuntu.com/usn/USN-2496-1

exchange.xforce.ibmcloud.com/vulnerabilities/78135