Multiple integer overflows in the (1) _objalloc_alloc function in objalloc.c and (2) objalloc_alloc macro in include/objalloc.h in GNU libiberty, as used by binutils 2.22, allow remote attackers to cause a denial of service (crash) via vectors related to the "addition of CHUNK_HEADER_SIZE to the length," which triggers a heap-based buffer overflow.
References
Link | Resource |
---|---|
http://security-tracker.debian.org/tracker/CVE-2012-3509 | Issue Tracking Third Party Advisory |
http://www.securityfocus.com/bid/55281 | Third Party Advisory VDB Entry |
http://gcc.gnu.org/ml/gcc-patches/2012-08/msg01986.html | Patch Vendor Advisory |
http://www.openwall.com/lists/oss-security/2012/08/29/3 | Mailing List Third Party Advisory |
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=54411 | Issue Tracking |
http://www.ubuntu.com/usn/USN-2496-1 | Third Party Advisory |
http://www.mandriva.com/security/advisories?name=MDVSA-2015:029 | Broken Link |
https://exchange.xforce.ibmcloud.com/vulnerabilities/78135 |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Information
Published : 2012-09-05 16:55
Updated : 2017-08-28 18:31
NVD link : CVE-2012-3509
Mitre link : CVE-2012-3509
JSON object : View
CWE
CWE-189
Numeric Errors
Products Affected
gnu
- libiberty
- binutils
canonical
- ubuntu_linux
debian
- debian_linux