CVE-2017-17124: Improper Restriction of Operations within the Bounds of a Memory Buffer in Binutils

Severity: 7.8 HIGH (NVD)
EPSS: 0.4% (top 40.13%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 4; Latest update May 14

Description

The _bfd_coff_read_string_table function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not properly validate the size of the external string table, which allows remote attackers to cause a denial of service (excessive memory consumption, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted COFF binary.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (2 packages)

Debian: gnu/binutils < 2.29.90.20180122-1+3
NVD: gnu/binutils 2.29.1

Vulnerability Details

GHSA: GHSA-x45v-w8hp-9v85: The _bfd_coff_read_string_table function in coffgen (2022-05-14)
OSV: CVE-2017-17124: The _bfd_coff_read_string_table function in coffgen (2017-12-04)
CVEList: CVE-2017-17124: The _bfd_coff_read_string_table function in coffgen (2017-12-04)

Vendor Advisories

Ubuntu: GNU binutils vulnerabilities (2021-07-21)
Red Hat: binutils: Heap buffer overflow in the _bfd_coff_read_string_table function (2017-11-28)
Debian: CVE-2017-17124: binutils - The _bfd_coff_read_string_table function in coffgen.c in the Binary File Descrip... (2017)

Community

Bugzilla: CVE-2017-17124 binutils: Heap buffer overflow in the _bfd_coff_read_string_table function (2017-12-11)
CVE-2017-17124 — GNU Binutils vulnerability | cvebase