Out-of-bounds Read Affecting binutils package, versions *


Severity

Recommended
low

Based on Debian security rating.

Threat Intelligence

EPSS
0.14% (51st percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-DEBIAN9-BINUTILS-403968
  • published30 Nov 2017
  • disclosed30 Nov 2017

Introduced: 30 Nov 2017

CVE-2017-17080  (opens in a new tab)
CWE-125  (opens in a new tab)

How to fix?

There is no fixed version for Debian:9 binutils.

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Debian. See How to fix? for Debian:9 relevant fixed versions and status.

elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate sizes of core notes, which allows remote attackers to cause a denial of service (bfd_getl32 heap-based buffer over-read and application crash) via a crafted object file, related to elfcore_grok_netbsd_procinfo, elfcore_grok_openbsd_procinfo, and elfcore_grok_nto_status.