CVE-2017-7299
published 2017-03-29CVE-2017-7299: The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an invalid read (of size 8) because the code to emit relocs…
medium5.5CVSS 3.0
AVLACLPRNUIRSUCNINAH
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an invalid read (of size 8) because the code to emit relocs (bfd_elf_final_link function in bfd/elflink.c) does not check the format of the input file before trying to read the ELF reloc section header. The vulnerability leads to a GNU linker (ld) program crash.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | binutils | < binutils 2.27.51.20161220-1 (bookworm) | binutils 2.27.51.20161220-1 (bookworm) |
| gnu | binutils | — | — |
| gnu | binutils | >= 0 < 2.27.51.20161220-1 | 2.27.51.20161220-1 |
| gnu | binutils | >= 0 < 2.27.51.20161220-1 | 2.27.51.20161220-1 |
| gnu | binutils | >= 0 < 2.27.51.20161220-1 | 2.27.51.20161220-1 |
| gnu | binutils | >= 0 < 2.27.51.20161220-1 | 2.27.51.20161220-1 |
CVSS provenance
nvdv3.05.5MEDIUMCVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
osv5.5MEDIUM