path: root/scripts/contrib/convert-srcuri.py
author: Yash Shinde <Yash.Shinde@windriver.com> 2024-12-12 06:35:05 -0800
committer: Steve Sakoman <steve@sakoman.com> 2025-01-09 06:02:48 -0800
commit: 44c8d98587e478703dec3de6ed2e929233fab5c8
tree: bb38d5bfbf9980a60edf9cc7fdc454135bf234da /scripts/contrib/convert-srcuri.py
parent: d0a0b075749c0aa2fa796fdcf856ffac7ecfcb85
binutils: Fix CVE-2024-53589

A buffer overflow vulnerability exists in GNU Binutils’ objdump utility when processing tekhex format files. The vulnerability occurs in the Binary File Descriptor (BFD) library’s tekhex parser during format identification. Specifically, the issue manifests when attempting to read 8 bytes at an address that precedes the global variable ‘_bfd_std_section’, resulting in an out-of-bounds read.

Backport a patch from upstream to fix CVE-2024-53589.

Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=e0323071916878e0634a6e24d8250e4faff67e88]

(From OE-Core rev: 04c6b181bf9b1babd647c642ba8598b837f1263b)

Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'scripts/contrib/convert-srcuri.py')
0 files changed, 0 insertions, 0 deletions