CVE-2017-7226Out-of-bounds Read in Binutils

CWE-125Out-of-bounds Read8 documents8 sources
Severity
9.1CRITICALNVD
EPSS
0.4%
top 40.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
GNU Binutils
Timeline
PublishedMar 22
Latest updateMay 13

Description

The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a heap-based buffer over-read of size 4049 because it uses the strlen function instead of strnlen, leading to program crashes in several utilities such as addr2line, size, and strings. It could lead to information disclosure as well.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:HExploitability: 3.9 | Impact: 5.2

Affected Packages2 packages

Debiangnu/binutils< 2.27.51.20161212-1+3
NVDgnu/binutils2.28

Patches

Patch: sourceware.orgPatch: sourceware.org

🔴Vulnerability Details

3
GHSA
GHSA-gfmx-5h2c-grrx: The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 22022-05-13
OSV
CVE-2017-7226: The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 22017-03-22
CVEList
CVE-2017-7226: The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 22017-03-22

📋Vendor Advisories

3
Ubuntu
GNU binutils vulnerabilities2021-07-21
Debian
CVE-2017-7226: binutils - The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka li...2017
Red Hat
binutils: Heap-based buffer over-read in pe_ILF_object_p function in libbfd2016-12-01

💬Community

1
Bugzilla
CVE-2017-7226 binutils: Heap-based buffer over-read in pe_ILF_object_p function in libbfd2017-03-23
CVE-2017-7226 — Out-of-bounds Read in GNU Binutils | cvebase