Vulnerability Details : CVE-2005-4807
Stack-based buffer overflow in the as_bad function in messages.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 20050721 allows attackers to execute arbitrary code via a .c file with crafted inline assembly code.
Vulnerability category: OverflowExecute code
Exploit prediction scoring system (EPSS) score for CVE-2005-4807
Probability of exploitation activity in the next 30 days: 1.10%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 83 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2005-4807
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2005-4807
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2005-4807
-
Red Hat 2006-08-24gas (and gcc) make no promise that they are fault tolerant to bad input. We do not plan on producing security updates for Red Hat Enterprise Linux to correct these bugs.
-
http://www.securityfocus.com/bid/19555
Exploit;Patch;Third Party Advisory;VDB Entry
-
http://www.ubuntu.com/usn/usn-336-1
Patch;Third Party Advisory
-
http://bugs.gentoo.org/show_bug.cgi?id=99464
Patch;Third Party Advisory
-
http://www.vupen.com/english/advisories/2006/3307
Permissions Required
- cpe:2.3:a:gnu:binutils:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:5.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:5.10:*:*:*:*:*:*:*