8.4

CVSS Score

3.1

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2024-53589

CVE-2024-53589: GNU objdump 2.43 is vulnerable to Buffer Overflow in the BFD (Binary File Descriptor) library's...

GNU objdump 2.43 is vulnerable to Buffer Overflow in the BFD (Binary File Descriptor) library's handling of tekhex format files.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2024-53589

CVE-2024-53589:

8.4

CVSS Score

3.1

-

CVSS Score

Basic Information

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The primary source of information is the commit patch and the detailed explanation from the Bushido Security advisory. The commit e0323071916878e0634a6e24d8250e4faff67e88 directly modifies the first_phase function in bfd/tekhex.c. The commit message explicitly states that the change is to guard against modification of _bfd_std_section[] entries, which aligns with the vulnerability description of an out-of-bounds read near this global variable. The Bushido Security advisory confirms that the root cause is in first_phase due to improper handling of bfd_abs_section_ptr, leading to an attempt to modify its properties. The patch adds checks (bfd_is_const_section) to prevent these modifications. Therefore, first_phase is identified as the vulnerable function as it contained the logic that, prior to the patch, allowed for the conditions leading to the buffer overflow.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

8.4

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2024-53589: GNU objdump 2.43 is vulnerable to Buffer Overflow in the BFD (Binary File Descriptor) library's...

CVE-2024-53589:

8.4

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Basic Information

Basic Information

CVE-2024-53589: GNU objdump 2.43 is vulnerable to Buffer Overflow in the BFD (Binary File Descriptor) library's...

8.4

8.4

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Technical Details

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI