Out-of-Bounds in binutils

Do your applications use this vulnerable package? Test your applications

Overview

The ieee_object_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. NOTE: this may be related to a compiler bug.

References

Debian Security Tracker
Exploit DB
Security Focus
Ubuntu CVE Tracker
https://sourceware.org/bugzilla/show_bug.cgi?id=21582

Attack Vector

Local
Attack Complexity

Low
Privileges Required

None
User Interaction

Required
Scope

Unchanged
Confidentiality

High
Integrity

High
Availability

High

CVE: CVE-2017-9748
CWE: CWE-119
Snyk ID: SNYK-DEBIAN8-BINUTILS-403515
Disclosed: 19 Jun, 2017
Published: 19 Jun, 2017

Out-of-Bounds
Affecting binutils package, versions *

Overview

References

CVSS Score

Out-of-Bounds Affecting binutils package, versions *

Overview

References

Out-of-Bounds
Affecting binutils package, versions *