CVE-2005-4808
CVE-2005-4808 is a high-severity vulnerability in Gnu Binutils with a CVSS 2.0 base score of 7.6. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: High (CVSS 2.0 base score 7.6)
- EPSS exploit prediction: 2% (81st percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Gnu Binutils
- Published:
- Last modified:
Description
Buffer overflow in reset_vars in config/tc-crx.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 20050714 allows user-assisted attackers to have an unknown impact via a crafted .s file.
Frequently asked questions
- What is CVE-2005-4808?
- Buffer overflow in reset_vars in config/tc-crx.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 20050714 allows user-assisted attackers to have an unknown impact via a crafted .s file.
- How severe is CVE-2005-4808?
- CVE-2005-4808 has a CVSS 2.0 base score of 7.6, rated high severity.
- Is CVE-2005-4808 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 2% (81st percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2005-4808?
- CVE-2005-4808 primarily affects Gnu Binutils. In total, 2 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2005-4808?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- When was CVE-2005-4808 published?
- CVE-2005-4808 was published on 2005-12-31 and last updated on 2026-06-16.
References
- http://sources.redhat.com/bugzilla/show_bug.cgi?id=1069
- http://www.ubuntu.com/usn/usn-366-1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44661
Affected products (2)
- cpe:2.3:a:gnu:binutils:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:5.10:*:*:*:*:*:*:*
More vulnerabilities in Gnu Binutils
- CVE-2018-12699 — Critical (CVSS 9.8): finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service (heap-based buffer overflow)…
- CVE-2017-7614 — Critical (CVSS 9.8): elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a "member…
- CVE-2014-9939 — Critical (CVSS 9.8): ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow when printing bad bytes in Intel Hex objects.
- CVE-2017-7226 — Critical (CVSS 9.1): The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils…
- CVE-2017-6969 — Critical (CVSS 9.1): readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer over-read while processing corrupt RL78 binaries. The…
- CVE-2020-19726 — High (CVSS 8.8): An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symbol data allows attackers to read or…