<p>There is no fixed version for <code>Centos:7</code> <code>binutils</code>.</p>

Out-of-bounds Read Affecting binutils package, versions *

Snyk CVSS

Attack Complexity Low

User Interaction Required

Threat Intelligence

EPSS 0.08% (34^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-CENTOS7-BINUTILS-1983766
published 26 Jul 2021
disclosed 6 Dec 2016

Report a new vulnerability Found a mistake?

Introduced: 6 Dec 2016

CVE-2017-7304 Open this link in a new tab CWE-125 Open this link in a new tab

How to fix?

There is no fixed version for Centos:7 binutils.

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Centos. See How to fix? for Centos:7 relevant fixed versions and status.

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 8) because of missing a check (in the copy_special_section_fields function) for an invalid sh_link field before attempting to follow it. This vulnerability causes Binutils utilities like strip to crash.