CVE-2017-16832 — Integer Overflow or Wraparound in Binutils

CWE-190 — Integer Overflow or Wraparound8 documents8 sources

Severity

7.8HIGHNVD

EPSS

0.3%

top 43.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Binutils

Timeline

PublishedNov 15

Latest updateMay 14

Description

The pe_bfd_read_buildid function in peicode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate size and offset values in the data dictionary, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted PE file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶Debiangnu/binutils< 2.29.90.20180122-1+3

▶NVDgnu/binutils2.29.1

Patches

Patch: sourceware.org ↗Patch: sourceware.org ↗

🔴Vulnerability Details

GHSA

GHSA-m58h-xr6q-8fjj: The pe_bfd_read_buildid function in peicode↗2022-05-14

▶

OSV

CVE-2017-16832: The pe_bfd_read_buildid function in peicode↗2017-11-15

▶

CVEList

CVE-2017-16832: The pe_bfd_read_buildid function in peicode↗2017-11-15

▶

📋Vendor Advisories

Ubuntu

GNU binutils vulnerabilities↗2021-07-21

▶

Red Hat

binutils: Segmentation fault in the pe_bfd_read_buildid function↗2017-10-31

▶

Debian

CVE-2017-16832: binutils - The pe_bfd_read_buildid function in peicode.h in the Binary File Descriptor (BFD...↗2017

▶

💬Community

Bugzilla

CVE-2017-16832 binutils: Segmentation fault in the pe_bfd_read_buildid function↗2017-11-29

▶