Forum Thread: GNU Binutils libbfd TekHex Record Handling Vulnerability

Secunia GNU Binutils libbfd TekHex Record Handling Vulnerability
Secunia Official 27th Jan, 2014 20:54
Jesús Olmos Gonzalez has reported a vulnerability in GNU Binutils, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a vulnerable system.

The vulnerability is caused due to an error in "bfd/tekhex.c" of the libbfd library when processing a specially crafted file that contains a Tektronix Hex Format (TekHex) record that contains a length value which is not a valid hexadecimal character. This can be exploited to cause a buffer overflow via a specially crafted file.

Successful exploitation crashes an application that uses the library (e.g. strings) and may allow arbitrary code execution.

The vulnerability has been reported in version 2.16.1. Other versions may also be affected.
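The class of check the advisory describes, as an added example that is not part of the thread and is not the binutils code: a record reader that rejects a length field containing non-hexadecimal characters and bounds the decoded length before copying. The simplified record layout ('%', two hex length digits, then the body), the function names and the sample lines are assumptions made for illustration.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/* Decode one hex digit; return -1 for anything outside 0-9, a-f, A-F. */
static int hex_digit(unsigned char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/*
 * Copy the body of one record into out (capacity out_cap bytes).
 * Assumed simplified layout: '%', two hex digits of body length, body.
 * Returns the body length, or -1 if the record is malformed.
 */
int read_record(const char *line, size_t line_len, char *out, size_t out_cap)
{
    int hi, lo;
    size_t len;

    if (line_len < 3 || line[0] != '%')
        return -1;
    hi = hex_digit((unsigned char)line[1]);
    lo = hex_digit((unsigned char)line[2]);
    if (hi < 0 || lo < 0)        /* length field is not hexadecimal */
        return -1;
    len = (size_t)hi * 16 + (size_t)lo;
    if (len > line_len - 3)      /* claims more data than the line holds */
        return -1;
    if (len > out_cap)           /* would not fit the destination buffer */
        return -1;
    memcpy(out, line + 3, len);
    return (int)len;
}

int main(void)
{
    /* Constructed sample lines: one well-formed, one with a bad length. */
    const char *samples[] = { "%05HELLO", "%G5HELLO" };
    char buf[16];
    for (size_t i = 0; i < 2; i++)
        printf("%s -> %d\n", samples[i],
               read_record(samples[i], strlen(samples[i]), buf, sizeof buf));
    return 0;
}
```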

ohcaml RE: GNU Binutils libbfd TekHex Record Handling Vulnerability
Member 27th Jan, 2014 20:54
Last edited on 27th Jan, 2014 20:54
Patched in 2.17.