CVE-2017-16831 — Integer Overflow or Wraparound in Binutils

CWE-190 — Integer Overflow or Wraparound8 documents8 sources

Severity

7.8HIGHNVD

EPSS

0.3%

top 43.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Binutils

Timeline

PublishedNov 15

Latest updateMay 14

Description

coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate the symbol count, which allows remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or possibly have unspecified other impact via a crafted PE file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶Debiangnu/binutils< 2.29.90.20180122-1+3

▶NVDgnu/binutils2.29.1

Patches

Patch: sourceware.org ↗Patch: sourceware.org ↗

🔴Vulnerability Details

GHSA

GHSA-x3hp-v34p-5x6h: coffgen↗2022-05-14

▶

CVEList

CVE-2017-16831: coffgen↗2017-11-15

▶

OSV

CVE-2017-16831: coffgen↗2017-11-15

▶

📋Vendor Advisories

Ubuntu

GNU binutils vulnerabilities↗2021-07-21

▶

Red Hat

binutils: Integer overflow in coffgen.c↗2017-11-02

▶

Debian

CVE-2017-16831: binutils - coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distribut...↗2017

▶

💬Community

Bugzilla

CVE-2017-16831 binutils: Integer overflow in coffgen.c↗2017-11-29

▶