First published: Tue Mar 21 2017
ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow when printing bad bytes in Intel Hex objects.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
GNU Binutils | <=2.25 | |
debian/binutils | 2.35.2-2, 2.40-2, 2.43.1-5 | |
debian/gdb | 10.1-1.7, 13.1-3, 15.2-1 | |
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e27a9d5f22f9f7ead11738b1546d0b5c737266b
CVE-2014-9939 is a vulnerability in GNU Binutils before version 2.26 that allows a stack buffer overflow when printing bad bytes in Intel Hex objects.
GNU Binutils before version 2.26, Ubuntu binutils version 2.25.90.20151125-1, Ubuntu gdb version 7.7.1-0ubuntu5~14.04.3, Ubuntu gdb version 7.10-1, Debian binutils versions 2.31.1-16, 2.35.2-2, 2.40-2, 2.41-5, and Debian gdb versions 8.2.1-2, 10.1-1.7, 13.1-3, 13.2-1 are affected by CVE-2014-9939.
CVE-2014-9939 has a Common Vulnerability Scoring System (CVSS) severity rating of low.
To fix the CVE-2014-9939 vulnerability, you should upgrade to GNU Binutils version 2.26 or higher, or apply the recommended remedies for the affected Ubuntu and Debian packages.
You can find more information about CVE-2014-9939 in the references: http://www.openwall.com/lists/oss-security/2015/07/31/6, https://sourceware.org/bugzilla/show_bug.cgi?id=18750, https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e27a9d5f22f9f7ead11738b1546d0b5c737266b