CVE-2017-7614 — NULL Pointer Dereference in Binutils

CWE-476 — NULL Pointer Dereference8 documents8 sources

Severity

9.8CRITICALNVD

EPSS

0.4%

top 38.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Binutils

Timeline

PublishedApr 9

Latest updateMay 17

Description

elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a "member access within null pointer" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an "int main() {return 0;}" program.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶Debiangnu/binutils< 2.28-4+3

▶NVDgnu/binutils2.28

Patches

Patch: blogs.gentoo.org ↗Patch: blogs.gentoo.org ↗

🔴Vulnerability Details

GHSA

GHSA-jmr6-pw55-q334: elflink↗2022-05-17

▶

OSV

CVE-2017-7614: elflink↗2017-04-09

▶

CVEList

CVE-2017-7614: elflink↗2017-04-09

▶

📋Vendor Advisories

Ubuntu

GNU binutils vulnerabilities↗2021-07-21

▶

Red Hat

binutils: NULL pointer dereference in bfd_elf_final_link function↗2017-04-05

▶

Debian

CVE-2017-7614: binutils - elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distribut...↗2017

▶

💬Community

Bugzilla

CVE-2017-7614 binutils: NULL pointer dereference in bfd_elf_final_link function↗2017-04-10

▶