Buffer Overflow Vulnerability in GNU objdump by GNU
CVE-2024-53589

8.4HIGH

Key Information:

Vendor: GNU
Status: objdump
Vendor: CVE Published:; 5 December 2024

Summary

The GNU objdump tool, particularly version 2.43, is prone to a buffer overflow vulnerability in the BFD library when processing tekhex format files. This flaw could allow attackers to potentially exploit the handling of malformed input files, leading to unexpected behavior or crashes in the application, allowing for unauthorized access or further exploitation within the system. Users are advised to update to the latest version and apply relevant security patches to mitigate this risk.

References

https://www.gnu.org/software/binutils/

https://bushido-sec.com/index.php/2024/12/05/binutils-obj...

CVSS V3.1

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 5, 2024
Vulnerability Reserved
Nov 20, 2024