cbcvebase.
CVE-2017-7303
published 2017-03-29

CVE-2017-7303: The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 4) because of missing a…

high7.5CVSS 3.0
AVNACLPRNUINSUCNINAH
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 4) because of missing a check (in the find_link function) for null headers before attempting to match them. This vulnerability causes Binutils utilities like strip to crash.

Affected

6 ranges
VendorProductVersion rangeFixed in
debianbinutils< binutils 2.27.51.20161212-1 (bookworm)binutils 2.27.51.20161212-1 (bookworm)
gnubinutils
gnubinutils>= 0 < 2.27.51.20161212-12.27.51.20161212-1
gnubinutils>= 0 < 2.27.51.20161212-12.27.51.20161212-1
gnubinutils>= 0 < 2.27.51.20161212-12.27.51.20161212-1
gnubinutils>= 0 < 2.27.51.20161212-12.27.51.20161212-1

CVSS provenance

nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv7.5HIGH