CVE-2017-9042: Incorrect Type Conversion or Cast in Binutils

Severity: 7.8 HIGH (NVD)
EPSS: 0.4% (top 39.62%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: May 18
Latest update: May 17

Description

readelf.c in GNU Binutils 2017-04-12 has a "cannot be represented in type long" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (2 packages)

Debian: gnu/binutils < 2.29-1+3
NVD: gnu/binutils 2.28

🔴 Vulnerability Details (3)

GHSA: GHSA-7h8w-xx2f-hmr7: readelf (2022-05-17)
CVEList: CVE-2017-9042: readelf (2017-05-18)
OSV: CVE-2017-9042: readelf (2017-05-18)

📋 Vendor Advisories (3)

Ubuntu: GNU binutils vulnerabilities (2021-07-21)
Red Hat: binutils: Invalid variable type in readelf.c (2017-05-12)
Debian: CVE-2017-9042: binutils - readelf.c in GNU Binutils 2017-04-12 has a "cannot be represented in type long" ... (2017)

💬 Community (1)

Bugzilla: CVE-2017-9042 binutils: Invalid variable type in readelf.c (2017-05-18)