GNU Binutils Stack-Based Buffer Overflow Vulnerability in Objdump Component

Vulnerability

A stack-based buffer overflow vulnerability has been identified in GNU Binutils versions prior to 2.43. The issue arises in the 'disassemble_bytes' function within 'binutils/objdump.c', where improper handling of the 'buf' argument creates the potential for a stack-based overflow. The vulnerability can be exploited remotely, although the attack complexity is considered high and user interaction is required.

Impact

Exploitation of this vulnerability leads to a stack-based buffer overflow, which can commonly result in arbitrary code execution or cause the program to crash.

Reproduction

The vulnerability can be reproduced by compiling 'objdump' with AddressSanitizer enabled, using Clang version 14.0.6. After compiling, 'objdump' can be run with the '--insn-width 64 -d' options. The input file that triggers the vulnerability is available as an attachment in the original vulnerability report.

Remediation

Users are advised to upgrade to GNU Binutils version 2.44 or later, where this vulnerability has been addressed.
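
A first-pass check against the fixed release named above, as an added example that is not part of the original advisory: it parses the 'objdump --version' banner and compares it with 2.44. The sample banners are constructed, and because distributions may backport fixes without changing the upstream version number, an "older" result is a prompt to check the package changelog rather than proof of exposure.

```sh
#!/bin/sh
# Added example (not from the advisory): triage objdump by reported version.
FIXED_VERSION="2.44"   # release named in the Remediation section above

# Pull the dotted version out of the first line of `objdump --version`.
# Handles "GNU objdump (GNU Binutils for Ubuntu) 2.38" and
# "GNU objdump version 2.30-113.el8" (package release suffix is dropped).
parse_binutils_version() {
    printf '%s\n' "$1" | awk 'NR == 1 { print $NF }' |
        sed -n 's/^\([0-9][0-9.]*\).*/\1/p'
}

# Succeeds when dotted version $1 is strictly older than $2.
# Components are compared as numbers, so 2.9 sorts before 2.44.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi < yi) exit 0
            if (xi > yi) exit 1
        }
        exit 1
    }'
}

# Classify one version banner against FIXED_VERSION.
check_objdump_banner() {
    ver=$(parse_binutils_version "$1")
    if [ -z "$ver" ]; then
        echo "unknown"
    elif version_lt "$ver" "$FIXED_VERSION"; then
        echo "older-than-fixed $ver"
    else
        echo "at-or-after-fixed $ver"
    fi
}

# Constructed sample banners, then the local objdump if one is installed.
for banner in "GNU objdump (GNU Binutils) 2.42" \
              "GNU objdump version 2.30-113.el8" \
              "GNU objdump (GNU Binutils) 2.44"; do
    echo "$banner -> $(check_objdump_banner "$banner")"
done
if command -v objdump >/dev/null 2>&1; then
    echo "local objdump -> $(check_objdump_banner "$(objdump --version 2>/dev/null)")"
fi
```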

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 7.8
impact: 10.0
exploitability: 5.8
remediation: 7.7
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.