CVE-2014-8737

2014-12-0923:59:07

CWE-22

[email protected]

web.nvd.nist.gov

cve-2014-8737

directory traversal

gnu binutils

vulnerability

local users

arbitrary files

nvd

CVSS2

3.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:P/A:P

AI Score

8.4

Confidence

High

EPSS

Percentile

10.1%

JSON

Multiple directory traversal vulnerabilities in GNU binutils 2.24 and earlier allow local users to delete arbitrary files via a … (dot dot) or full path name in an archive to (1) strip or (2) objcopy or create arbitrary files via (3) a … (dot dot) or full path name in an archive to ar.

Affected configurations

NVD

Node

canonicalubuntu_linuxMatch10.04lts

canonicalubuntu_linuxMatch12.04lts

canonicalubuntu_linuxMatch14.04lts

canonicalubuntu_linuxMatch14.10

Node

gnubinutilsRange≤2.24

Node

fedoraprojectfedoraMatch19

fedoraprojectfedoraMatch20

fedoraprojectfedoraMatch21

VendorProductVersionCPE
canonicalubuntu_linux14.04cpe:/o:canonical:ubuntu_linux:14.04::lts:
canonicalubuntu_linux14.10cpe:/o:canonical:ubuntu_linux:14.10:::
canonicalubuntu_linux12.04cpe:/o:canonical:ubuntu_linux:12.04::lts:
canonicalubuntu_linux10.04cpe:/o:canonical:ubuntu_linux:10.04::lts:

Vendor	Product	Version	CPE
canonical	ubuntu_linux	14.04	cpe:/o:canonical:ubuntu_linux:14.04::lts:
canonical	ubuntu_linux	14.10	cpe:/o:canonical:ubuntu_linux:14.10:::
canonical	ubuntu_linux	12.04	cpe:/o:canonical:ubuntu_linux:12.04::lts:
canonical	ubuntu_linux	10.04	cpe:/o:canonical:ubuntu_linux:10.04::lts: