GNU Binutils 'libiberty' CVE-2019-14250 Integer Overflow Vulnerability

GNU Binutils is prone to an integer overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.
Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely cause a denial-of-service condition.
GNU Binutils version 2.32 is vulnerable.

Information

Bugtraq ID: 109354
Class: Boundary Condition Error
CVE: CVE-2019-14250

Remote: Yes
Local: No
Published: Jul 24 2019 12:00AM
Updated: Jul 24 2019 12:00AM
Credit: Ren Kimura
Vulnerable: GNU libiberty 9.1.0
GNU libiberty 0
GNU Binutils 2.32

Not Vulnerable:

Exploit

The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.

References:

[PATCH] libiberty: Check zero value shstrndx in simple-object-elf.c (GNU)
Binutils Home Page (GNU)
GCC Bugzilla â?? Bug 90924 (GNU)

Source: www.securityfocus.com

Exploit Collector

Search Exploit