List: oss-security
Subject: [oss-security] Re: strings / libbfd crasher
From: cve-assign () mitre ! org
Date: 2014-10-31 5:57:18
Message-ID: 20141031055718.EBA296C005C () smtpvmsrv1 ! mitre ! org
> a crasher in the PE parser, I don't know if this is the same one, but
> I reported it upstream:
> https://sourceware.org/bugzilla/show_bug.cgi?id=17512
>
> As this is a write to uninitialized memory it seems to me a CVE is
> deserved.
>
> https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e1e19887abd24aeb15066b141cdff5541e0ec8e

Use CVE-2014-8501 for the 7e1e19887abd24aeb15066b141cdff5541e0ec8e
issue.

> https://sourceware.org/bugzilla/show_bug.cgi?id=17512#c16
>
> Seems to be different from the previous crasher.
>
> https://sourceware.org/bugzilla/show_bug.cgi?id=17512#c17
>
> objdump-pe-crasher2 gives a heap overflow

Use CVE-2014-8502 for the objdump-pe-crasher2 issue.

[ The http://openwall.com/lists/oss-security/2014/10/27/2 post
suggests that there isn't a known way to exploit objdump-elf-crasher
or objdump-pe-crasher for code execution. There are currently no CVE
IDs associated with objdump-elf-crasher or objdump-pe-crasher. ]

> https://sourceware.org/bugzilla/show_bug.cgi?id=17512#c33
> https://sourceware.org/bugzilla/show_bug.cgi?id=17512#c34

Use CVE-2014-8503 for this ihex parser issue.

> https://sourceware.org/bugzilla/show_bug.cgi?id=17512#c28
> Fixes another memory corruption bug introduced by patches for PR 17512.
>
> * elf.c (bfd_section_from_shdr): Fix heap use after free memory
> leak.

There is no CVE ID for this issue that apparently does not affect the
2.24 release.

> http://openwall.com/lists/oss-security/2014/10/27/4
> http://openwall.com/lists/oss-security/2014/10/27/5
> https://sourceware.org/bugzilla/show_bug.cgi?id=17510#c7
> https://sourceware.org/bugzilla/show_bug.cgi?id=17510#c8

Use CVE-2014-8504 for this srec_scan issue.

--
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]