Your submission was sent successfully! Close

CVE-2014-9939

Published: 21 March 2017

ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow when printing bad bytes in Intel Hex objects.

Priority

Negligible

CVSS 3 base score: 9.8

Status

Package Release Status
binutils
Launchpad, Ubuntu, Debian
Upstream
Released (2.25.90.20151125-1)
Ubuntu 21.10 (Impish Indri) Not vulnerable

Ubuntu 21.04 (Hirsute Hippo) Not vulnerable

Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable

Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable

Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(2.26.1-1ubuntu1~16.04.3)
Ubuntu 14.04 ESM (Trusty Tahr) Needed

Patches:
Upstream: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e27a9d5f22f9f7ead11738b1546d0b5c737266b
This vulnerability is mitigated in part by the use of -D_FORTIFY_SOURCE=2 in Ubuntu.
gdb
Launchpad, Ubuntu, Debian
Upstream
Released (7.10-1)
Ubuntu 21.10 (Impish Indri) Not vulnerable
(7.99.90.20170502-0ubuntu1)
Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(7.99.90.20170502-0ubuntu1)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(7.99.90.20170502-0ubuntu1)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(7.99.90.20170502-0ubuntu1)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(7.11.1-0ubuntu1~16.04)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [7.7.1-0ubuntu5~14.04.3])
This vulnerability is mitigated in part by the use of -D_FORTIFY_SOURCE=2 in Ubuntu.