CVE-2017-13757 — Out-of-bounds Read in Binutils
Severity: 5.5 MEDIUM (NVD)
EPSS: 0.5% (top 36.24%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Aug 29, 2017
Latest update: May 13, 2022
Description
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the PLT section size, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to elf_i386_get_synthetic_symtab in elf32-i386.c and elf_x86_64_get_synthetic_symtab in elf64-x86-64.c. Note that "remote" here means attacker-supplied input: the crash is triggered only when a victim opens the crafted file with a libbfd-based tool such as objdump, which is why NVD scores the attack vector as local with user interaction required (AV:L/UI:R) and the impact as availability only (C:N/I:N/A:H).
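What "validate the PLT section size" amounts to in practice, as an added example that is not binutils' own fix: before a reader treats .plt as an array of fixed-size entries, it should confirm that the section is at least one entry long, is a whole number of entries, and actually lies inside the file, instead of trusting sh_size from the section header. The 16-byte entry size (the x86-64 lazy PLT layout) and the three minimal ELF64 images built by build_elf() are constructed assumptions for the demonstration; section names and the check function are this example's own.

```python
import struct

# ELF64 little-endian layouts; the constructed images below follow them.
ELF64_EHDR = "<16sHHIQQQIHHHHHH"   # 64-byte file header
ELF64_SHDR = "<IIQQQQIIQQ"         # 64-byte section header
SHT_PROGBITS = 1
PLT_ENTRY_SIZE = 16                 # assumed: x86-64 lazy PLT entry size


def _cstr(blob, off):
    end = blob.find(b"\0", off)
    return blob[off:end if end >= 0 else len(blob)].decode("ascii", "replace")


def section_headers(data):
    """Return [(name, sh_type, sh_offset, sh_size)] with the table itself bounds-checked."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("only little-endian ELF64 is handled here")
    hdr = struct.unpack_from(ELF64_EHDR, data, 0)
    e_shoff, e_shentsize, e_shnum, e_shstrndx = hdr[6], hdr[11], hdr[12], hdr[13]
    if e_shentsize < 64 or e_shoff + e_shnum * e_shentsize > len(data) or e_shstrndx >= e_shnum:
        raise ValueError("section header table is out of bounds")
    shdrs = [struct.unpack_from(ELF64_SHDR, data, e_shoff + i * e_shentsize)
             for i in range(e_shnum)]
    st_off, st_size = shdrs[e_shstrndx][4], shdrs[e_shstrndx][5]
    strtab = data[st_off:st_off + st_size]
    return [(_cstr(strtab, sh[0]) if sh[0] < len(strtab) else "?", sh[1], sh[4], sh[5])
            for sh in shdrs]


def check_plt_size(data, entry_size=PLT_ENTRY_SIZE):
    """Validate every .plt* section; {name: [problems]}, empty list means safe to walk."""
    findings = {}
    for name, stype, off, size in section_headers(data):
        if not name.startswith(".plt"):
            continue
        problems = []
        if stype != SHT_PROGBITS:
            problems.append("not SHT_PROGBITS")
        if size < entry_size:            # shorter than one entry: any template compare over-reads
            problems.append(f"size {size} smaller than one {entry_size}-byte entry")
        elif size % entry_size:          # trailing partial entry
            problems.append(f"size {size} is not a multiple of {entry_size}")
        if off + size > len(data):       # header claims bytes the file does not have
            problems.append(f"extends {off + size - len(data)} bytes past end of file")
        findings[name] = problems
    return findings


def plt_entries(data, entry_size=PLT_ENTRY_SIZE):
    """Yield (section, index, entry_bytes) only for sections check_plt_size() accepted."""
    findings = check_plt_size(data, entry_size)
    for name, _stype, off, size in section_headers(data):
        if name in findings and not findings[name]:
            body = data[off:off + size]
            for i in range(0, size, entry_size):
                yield name, i // entry_size, body[i:i + entry_size]


def build_elf(plt_size_field, plt_body):
    """Construct a minimal ELF64 image: null, .shstrtab and .plt sections (test input)."""
    shstrtab = b"\0.shstrtab\0.plt\0"        # ".shstrtab" at 1, ".plt" at 11
    shstr_off = 64
    plt_off = shstr_off + len(shstrtab)
    shoff = plt_off + len(plt_body)
    ehdr = struct.pack(ELF64_EHDR, b"\x7fELF\x02\x01\x01" + b"\0" * 9,
                       2, 62, 1, 0x401000, 0, shoff, 0, 64, 0, 0, 64, 3, 1)
    null = struct.pack(ELF64_SHDR, *([0] * 10))
    strs = struct.pack(ELF64_SHDR, 1, 3, 0, 0, shstr_off, len(shstrtab), 0, 0, 1, 0)
    plt = struct.pack(ELF64_SHDR, 11, SHT_PROGBITS, 6, 0x401000, plt_off,
                      plt_size_field, 0, 0, 16, 16)
    return ehdr + shstrtab + plt_body + null + strs + plt


# Constructed images: a sane PLT, one shorter than a single entry, and one whose
# header-declared size runs far past the end of the file.
GOOD_ELF = build_elf(32, bytes(32))
UNDERSIZED_ELF = build_elf(8, bytes(8))
OVERSIZED_ELF = build_elf(0x10000, bytes(32))

if __name__ == "__main__":
    for label, img in (("good", GOOD_ELF), ("undersized", UNDERSIZED_ELF), ("oversized", OVERSIZED_ELF)):
        print(label, check_plt_size(img), "entries walked:", len(list(plt_entries(img))))
```

The important design point is that plt_entries() never touches section contents until check_plt_size() has accepted the section, so a header that lies about its size results in a skipped section rather than a read past the buffer holding the section contents.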
CVSS vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6
Affected Packages: 2 packages
Patches
Vulnerability Details (3)
GHSA: GHSA-gp9g-9j35-qx4x: The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2 (2022-05-13)
CVEList: CVE-2017-13757: The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2 (2017-08-29)
OSV: CVE-2017-13757: The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2 (2017-08-29)
Vendor Advisories (2)
Community (3)
Bugzilla: CVE-2017-13757 CVE-2017-14128 CVE-2017-14129 CVE-2017-14130 binutils: various flaws [fedora-all] (2017-09-01)
Bugzilla: CVE-2017-13757 CVE-2017-14128 CVE-2017-14129 CVE-2017-14130 mingw-binutils: various flaws [epel-all] (2017-09-01)
Bugzilla: CVE-2017-13757 binutils: heap-based buffer over-read in elf_i386_get_synthetic_symtab in elf32-i386.c and elf_x86_64_get_synthetic_symtab in elf64-x86-64.c (2017-09-01)