Fortinet Discovers BinUtils Heap Overflow Vulnerability
Fortinet's FortiGuard Labs has discovered a Heap Overflow vulnerability in BinUtils Objdump software.
Objdump is a program for displaying various information about object files. For instance, it can be used as a disassembler to view an executable in assembly form. It is part of the GNU Binutils for fine-grained control over executable and other binary data.
A Heap Overflow vulnerability has been discovered in BinUtils Objdump. The vulnerability is caused by a crafted binary file which causes an out-of-bounds memory operation. It could allow malicious users to create code execution scenarios.
SolutionsFortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability:
Released May 18, 2018
Users should update to the latest BinUtils package.
Fortinet reported the vulnerability to BinUtils on December 1, 2015.
BinUtils confirmed the vulnerability on December 04, 2015.
BinUtils patched the vulnerability on December 07, 2015.
This vulnerability was discovered by Kushal Shah of Fortinet's FortiGuard Labs.