CVE-2017-7209NULL Pointer Dereference in Binutils

CWE-476NULL Pointer Dereference8 documents8 sources
Severity
5.5MEDIUMNVD
EPSS
0.3%
top 45.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
GNU Binutils
Timeline
PublishedMar 21
Latest updateMay 14

Description

The dump_section_as_bytes function in readelf in GNU Binutils 2.28 accesses a NULL pointer while reading section contents in a corrupt binary, leading to a program crash.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

Debiangnu/binutils< 2.28-3+3
NVDgnu/binutils2.28

Patches

Patch: sourceware.orgPatch: sourceware.org

🔴Vulnerability Details

3
GHSA
GHSA-vc9h-g9cm-99gg: The dump_section_as_bytes function in readelf in GNU Binutils 22022-05-14
CVEList
CVE-2017-7209: The dump_section_as_bytes function in readelf in GNU Binutils 22017-03-21
OSV
CVE-2017-7209: The dump_section_as_bytes function in readelf in GNU Binutils 22017-03-21

📋Vendor Advisories

3
Ubuntu
GNU binutils vulnerabilities2021-07-21
Red Hat
binutils: Null pointer dereference in dump_section_as_bytes function in readelf2017-02-13
Debian
CVE-2017-7209: binutils - The dump_section_as_bytes function in readelf in GNU Binutils 2.28 accesses a NU...2017

💬Community

1
Bugzilla
CVE-2017-7209 binutils: Null pointer dereference in dump_section_as_bytes function in readelf2017-03-24
CVE-2017-7209 — NULL Pointer Dereference in Binutils | cvebase