CVE-2017-12967Out-of-bounds Read in Binutils

CWE-125Out-of-bounds Read11 documents9 sources
Severity
6.5MEDIUMNVD
EPSS
1.0%
top 22.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
GNU Binutils
Timeline
PublishedAug 19
Latest updateMay 13

Description

The getsym function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a malformed tekhex binary.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

Debiangnu/binutils< 2.29-5+3
NVDgnu/binutils2.29

Patches

Patch: sourceware.orgPatch: sourceware.org

🔴Vulnerability Details

3
GHSA
GHSA-x93j-fm3w-m5v9: The getsym function in tekhex2022-05-13
OSV
CVE-2017-12967: The getsym function in tekhex2017-08-19
CVEList
CVE-2017-12967: The getsym function in tekhex2017-08-19

📋Vendor Advisories

3
Ubuntu
GNU binutils vulnerabilities2021-07-21
Red Hat
binutils: Stack-based buffer over-read in getsym function in tekhex.c2017-08-23
Debian
CVE-2017-12967: binutils - The getsym function in tekhex.c in the Binary File Descriptor (BFD) library (aka...2017

💬Community

4
HackerOne
Two vulnerability in GNU binutils2019-10-14
Bugzilla
CVE-2017-12967 binutils: Stack-based buffer over-read in getsym function in tekhex.c [fedora-all]2017-08-23
Bugzilla
CVE-2017-12967 mingw-binutils: binutils: Stack-based buffer over-read in getsym function in tekhex.c [epel-all]2017-08-23
Bugzilla
CVE-2017-12967 binutils: Stack-based buffer over-read in getsym function in tekhex.c2017-08-23
CVE-2017-12967 — Out-of-bounds Read in GNU Binutils | cvebase