CVE-2012-3509
binutils - security update
EPSS 1.7%
Description
Multiple integer overflows in the (1) _objalloc_alloc function in objalloc.c and (2) objalloc_alloc macro in include/objalloc.h in GNU libiberty, as used by binutils 2.22, allow remote attackers to cause a denial of service (crash) via vectors related to the "addition of CHUNK_HEADER_SIZE to the length," which triggers a heap-based buffer overflow.
How to fix CVE-2012-3509
To remediate CVE-2012-3509, upgrade the affected package to a fixed version below.
- Debian/binutils—upgrade to 2.22-8 or later
- Debian/binutils—upgrade to 2.20.1-16+deb6u2 or later
Is CVE-2012-3509 being exploited?
Low — EPSS is 1.7%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 2.22-8
- from 0, < 2.20.1-16+deb6u2