CVE-2017-17080 — Out-of-bounds Read in Binutils

CWE-125 — Out-of-bounds Read8 documents8 sources

Severity

5.5MEDIUMNVD

EPSS

0.4%

top 39.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Binutils

Timeline

PublishedNov 30

Latest updateMay 13

Description

elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate sizes of core notes, which allows remote attackers to cause a denial of service (bfd_getl32 heap-based buffer over-read and application crash) via a crafted object file, related to elfcore_grok_netbsd_procinfo, elfcore_grok_openbsd_procinfo, and elfcore_grok_nto_status.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶Debiangnu/binutils< 2.29.90.20180122-1+3

▶NVDgnu/binutils2.29.1

🔴Vulnerability Details

GHSA

GHSA-pv58-rm4p-v2gh: elf↗2022-05-13

▶

OSV

CVE-2017-17080: elf↗2017-11-30

▶

CVEList

CVE-2017-17080: elf↗2017-11-30

▶

📋Vendor Advisories

Ubuntu

GNU binutils vulnerabilities↗2021-07-21

▶

Red Hat

binutils: Heap-based buffer over-read in bfd_getl32↗2017-11-11

▶

Debian

CVE-2017-17080: binutils - elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed i...↗2017

▶

💬Community

Bugzilla

CVE-2017-17080 binutils: Heap-based buffer over-read in bfd_getl32↗2017-12-11

▶