Homepage

Out-of-Bounds Affecting binutils package, versions <2.26.1-1ubuntu1~16.04.8+esm1

Severity

 Recommended
low

Based on Ubuntu security rating.

Threat Intelligence

EPSS
0.78% (82nd percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-UBUNTU1604-BINUTILS-349280
  • published27 Oct 2017
  • disclosed27 Oct 2017
Report a new vulnerability Found a mistake?

Introduced: 27 Oct 2017

CVE-2017-15938  (opens in a new tab)
CWE-119  (opens in a new tab)

How to fix?

Upgrade Ubuntu:16.04 binutils to version 2.26.1-1ubuntu1~16.04.8+esm1 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Ubuntu. See How to fix? for Ubuntu:16.04 relevant fixed versions and status.

dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, miscalculates DW_FORM_ref_addr die refs in the case of a relocatable object file, which allows remote attackers to cause a denial of service (find_abstract_instance_name invalid memory read, segmentation fault, and application crash).