git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit
binutils: Fix CVE-2024-53589
author: Yash Shinde <Yash.Shinde@windriver.com>
Thu, 12 Dec 2024 14:30:29 +0000 (06:30 -0800)
committer: Richard Purdie <richard.purdie@linuxfoundation.org>
Fri, 13 Dec 2024 11:19:55 +0000 (11:19 +0000)
commit: 7c9a9020d1e9204ba875ac10b20ab7ccabce82bc
tree: ed1fef04d0a2ecd0a29f10ef2b865304e28f4ce9
parent: b8c26b320abce65862632f0e832d93ba37c6dc41
binutils: Fix CVE-2024-53589

A buffer overflow vulnerability exists in GNU Binutils’ objdump utility
when processing tekhex format files. The vulnerability occurs in the
Binary File Descriptor (BFD) library’s tekhex parser during format identification.
Specifically, the issue manifests when attempting to read 8 bytes at an address
that precedes the global variable ‘_bfd_std_section’, resulting in an out-of-bounds read.

Backport a patch from upstream to fix CVE-2024-53589.
Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=e0323071916878e0634a6e24d8250e4faff67e88]

Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-devtools/binutils/binutils-2.43.1.inc
meta/recipes-devtools/binutils/binutils/0015-CVE-2024-53589.patch [new file with mode: 0644]