CVE-2017-9755 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Binutils
Severity
7.8HIGHNVD
EPSS
1.2%
top 21.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJun 19
Latest updateMay 14
Description
opcodes/i386-dis.c in GNU Binutils 2.28 does not consider the number of registers for bnd mode, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.
CVSS vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages2 packages
Patches
🔴Vulnerability Details
3📋Vendor Advisories
5Microsoft▶
An integer underflow issue exists in ntfs-3g 2017.3.23. A local attacker could potentially exploit this by running /bin/ntfs-3g with specially crafted arguments from a specially crafted directory to c↗2019-06-11
Red Hat
▶
Debian▶
CVE-2017-9755: binutils - opcodes/i386-dis.c in GNU Binutils 2.28 does not consider the number of register...↗2017
💬Community
3Bugzilla
▶
Bugzilla▶
CVE-2017-9755 binutils: Global buffer over-read in opcodes/i386-dis.c while checking invalid registers↗2017-07-11