CVE-2017-6969 — Out-of-bounds Read in Binutils

CWE-125 — Out-of-bounds Read8 documents8 sources

Severity

9.1CRITICALNVD

EPSS

0.5%

top 36.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Binutils

Timeline

PublishedMar 17

Latest updateMay 13

Description

readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer over-read while processing corrupt RL78 binaries. The vulnerability can trigger program crashes. It may lead to an information leak as well.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:HExploitability: 3.9 | Impact: 5.2

Affected Packages2 packages

▶Debiangnu/binutils< 2.28-3+3

▶NVDgnu/binutils2.28

🔴Vulnerability Details

GHSA

GHSA-43g9-956r-vq78: readelf in GNU Binutils 2↗2022-05-13

▶

OSV

CVE-2017-6969: readelf in GNU Binutils 2↗2017-03-17

▶

CVEList

CVE-2017-6969: readelf in GNU Binutils 2↗2017-03-17

▶

📋Vendor Advisories

Ubuntu

GNU binutils vulnerabilities↗2021-07-21

▶

Red Hat

binutils: Heap-based buffer over-read in readelf when processing corrupt RL78 binaries↗2017-02-14

▶

Debian

CVE-2017-6969: binutils - readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer over-read whil...↗2017

▶

💬Community

Bugzilla

CVE-2017-6969 binutils: Heap-based buffer over-read in readelf when processing corrupt RL78 binaries↗2017-03-24

▶