CVE-2017-9954Out-of-bounds Read in Binutils

CWE-125Out-of-bounds Read10 documents8 sources
Severity
5.5MEDIUMNVD
EPSS
0.4%
top 38.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
GNU Binutils
Timeline
PublishedJun 26
Latest updateMay 13

Description

The getvalue function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted tekhex file, as demonstrated by mishandling within the nm program.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

Debiangnu/binutils< 2.29-1+3
NVDgnu/binutils2.28

Patches

Patch: sourceware.orgPatch: sourceware.org

🔴Vulnerability Details

3
GHSA
GHSA-h7m4-5f4m-554h: The getvalue function in tekhex2022-05-13
CVEList
CVE-2017-9954: The getvalue function in tekhex2017-06-26
OSV
CVE-2017-9954: The getvalue function in tekhex2017-06-26

📋Vendor Advisories

3
Ubuntu
GNU binutils vulnerabilities2021-07-21
Red Hat
binutils: stack-based buffer over-read in getvalue function2017-07-11
Debian
CVE-2017-9954: binutils - The getvalue function in tekhex.c in the Binary File Descriptor (BFD) library (a...2017

💬Community

3
Bugzilla
CVE-2017-9954 mingw-binutils: binutils: stack-based buffer over-read in getvalue function [epel-all]2017-07-11
Bugzilla
CVE-2017-9954 binutils: stack-based buffer over-read in getvalue function2017-07-11
Bugzilla
CVE-2017-9954 binutils: stack-based buffer over-read in getvalue function [fedora-all]2017-07-11
CVE-2017-9954 — Out-of-bounds Read in GNU Binutils | cvebase