ID CVE-2012-3509
Summary Multiple integer overflows in the (1) _objalloc_alloc function in objalloc.c and (2) objalloc_alloc macro in include/objalloc.h in GNU libiberty, as used by binutils 2.22, allow remote attackers to cause a denial of service (crash) via vectors related to the "addition of CHUNK_HEADER_SIZE to the length," which triggers a heap-based buffer overflow.
References
Vulnerable Configurations
  • cpe:2.3:a:gnu:binutils:2.22:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:binutils:2.22:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:libiberty:-:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:libiberty:-:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 29-08-2017 - 01:31)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
bid 55281
mandriva MDVSA-2015:029
misc
mlist
  • [gcc-patches] 20120829 [PATCH] PR other/54411: libiberty: objalloc_alloc integer overflows (CVE-2012-3509)
  • [oss-security] 20120829 CVE-2012-3509: objalloc_alloc integer overflows in libiberty
ubuntu USN-2496-1
xf gnu-libiberty-overflow(78135)
Last major update 29-08-2017 - 01:31
Published 05-09-2012 - 23:55
Back to Top