git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit
binutils: Fix CVE-2024-53589
author Yash Shinde <Yash.Shinde@windriver.com>
Thu, 12 Dec 2024 14:37:15 +0000 (06:37 -0800)
committer Steve Sakoman <steve@sakoman.com>
Wed, 18 Dec 2024 14:41:43 +0000 (06:41 -0800)
commit 15635eb807ea1cbf0fd04e0cbe9cf169df107a05
tree 1bb8b0af3f73a3d0bde98f079c03104402685d08
parent b19b1e905d966443c4e4d17dfaeb299ae2526575
binutils: Fix CVE-2024-53589

A buffer overflow vulnerability exists in GNU Binutils’ objdump utility
when processing tekhex format files. The vulnerability occurs in the
Binary File Descriptor (BFD) library’s tekhex parser during format identification.
Specifically, the issue manifests when attempting to read 8 bytes at an address
that precedes the global variable ‘_bfd_std_section’, resulting in an out-of-bounds read.

Backport a patch from upstream to fix CVE-2024-53589.
Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=e0323071916878e0634a6e24d8250e4faff67e88]

Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-devtools/binutils/binutils-2.42.inc
meta/recipes-devtools/binutils/binutils/0016-CVE-2024-53589.patch [new file with mode: 0644]