CVE-2012-3509
GNU binutils 2.22-2.23 - Denial of Service via Integer Overflow in objalloc
Title source: llmDescription
Multiple integer overflows in the (1) _objalloc_alloc function in objalloc.c and (2) objalloc_alloc macro in include/objalloc.h in GNU libiberty, as used by binutils 2.22, allow remote attackers to cause a denial of service (crash) via vectors related to the "addition of CHUNK_HEADER_SIZE to the length," which triggers a heap-based buffer overflow.
References (8)
Core 8
Core References
Broken Link vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2015:029
Patch, Vendor Advisory mailing-list
x_refsource_mlist
http://gcc.gnu.org/ml/gcc-patches/2012-08/msg01986.html
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/08/29/3
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2496-1
Third Party Advisory vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/78135
Issue Tracking x_refsource_misc
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=54411
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/55281
Issue Tracking, Third Party Advisory x_refsource_misc
http://security-tracker.debian.org/tracker/CVE-2012-3509
Scores
EPSS
0.0175
EPSS Percentile
82.8%
Details
CWE
CWE-189
Status
published
Products (7)
canonical/ubuntu_linux
10.04
canonical/ubuntu_linux
12.04
canonical/ubuntu_linux
14.04
canonical/ubuntu_linux
14.10
debian/debian_linux
7.0
gnu/binutils
2.22 - 2.24
gnu/libiberty
Published
Sep 05, 2012
Tracked Since
Feb 18, 2026