Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-3509

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2012-3509
Last Modified 23 Mar 2015 09:59:35
Published 05 Sep 2012 07:55:01
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-3509

Summary

Multiple integer overflows in the (1) _objalloc_alloc function in objalloc.c and (2) objalloc_alloc macro in include/objalloc.h in GNU libiberty, as used by binutils 2.22, allow remote attackers to cause a denial of service (crash) via vectors related to the "addition of CHUNK_HEADER_SIZE to the length," which triggers a heap-based buffer overflow.

Vulnerable Systems

Application

  • Gnu Binutils 2.22

  • Gnu Libiberty


References

XF - gnu-libiberty-overflow(78135)

BID - 55281

MLIST - [oss-security] 20120829 CVE-2012-3509: objalloc_alloc integer overflows in libiberty

MISC - http://security-tracker.debian.org/tracker/CVE-2012-3509

MLIST - [gcc-patches] 20120829 [PATCH] PR other/54411: libiberty: objalloc_alloc integer overflows (CVE-2012-3509)

MISC - http://gcc.gnu.org/bugzilla/show_bug.cgi?id=54411

UBUNTU - USN-2496-1

MANDRIVA - MDVSA-2015:029


Last Updated: 27 May 2016 11:00:27