Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2017-9742 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Binutils
CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer13 documents9 sources
Severity
7.8HIGHNVD
EPSS
1.7%
top 17.49%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
PublishedJun 19
Latest updateAug 9
Description
The score_opcodes function in opcodes/score7-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.
CVSS vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages2 packages
Patches
🔴Vulnerability Details
3💥Exploits & PoCs
1📋Vendor Advisories
4💬Community
4Bugzilla▶
CVE-2017-9742 mingw-binutils: binutils: stack overflow in score_opcodes function [fedora-all]↗2017-07-10
Bugzilla▶
CVE-2017-9742 binutils: Global buffer over-read in print_insn_score16 function while disassembling corrupt score binary↗2017-07-10
Bugzilla▶
CVE-2017-9742 mingw-binutils: binutils: stack overflow in score_opcodes function [epel-all]↗2017-07-10