CVE-2017-15996 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Binutils

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents8 sources

Severity

7.8HIGHNVD

EPSS

0.3%

top 45.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Binutils

Timeline

PublishedOct 29

Latest updateMay 14

Description

elfcomm.c in readelf in GNU Binutils 2.29 allows remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified other impact via a crafted ELF file that triggers a "buffer overflow on fuzzed archive header," related to an uninitialized variable, an improper conditional jump, and the get_archive_member_name, process_archive_index_and_symbols, and setup_archive functions.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶Debiangnu/binutils< 2.29.90.20180122-1+3

▶NVDgnu/binutils2.29

Patches

Patch: sourceware.org ↗Patch: sourceware.org ↗

🔴Vulnerability Details

GHSA

GHSA-575w-2h42-5mmg: elfcomm↗2022-05-14

▶

OSV

CVE-2017-15996: elfcomm↗2017-10-29

▶

CVEList

CVE-2017-15996: elfcomm↗2017-10-29

▶

📋Vendor Advisories

Ubuntu

GNU binutils vulnerabilities↗2021-07-21

▶

Red Hat

binutils: Excessive memory allocation in elfcomm.c↗2017-10-27

▶

Debian

CVE-2017-15996: binutils - elfcomm.c in readelf in GNU Binutils 2.29 allows remote attackers to cause a den...↗2017

▶

💬Community

Bugzilla

CVE-2017-15996 binutils: Excessive memory allocation in elfcomm.c↗2017-11-21

▶