NULL Pointer Dereference in binutils

Do your applications use this vulnerable package? Test your applications

Overview

elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a "member access within null pointer" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an "int main() {return 0;}" program.

References

CVE Details
Debian Security Tracker
Gentoo Security Advisory
Ubuntu CVE Tracker
https://blogs.gentoo.org/ago/2017/04/05/binutils-two-null-pointer-dereference-in-elflink-c/

Attack Vector

Network
Attack Complexity

Low
Privileges Required

None
User Interaction

None
Scope

Unchanged
Confidentiality

High
Integrity

High
Availability

High

CVE: CVE-2017-7614
CWE: CWE-476
Snyk ID: SNYK-DEBIAN8-BINUTILS-403579
Disclosed: 09 Apr, 2017
Published: 09 Apr, 2017

NULL Pointer Dereference
Affecting binutils package, versions *

Overview

References

CVSS Score

NULL Pointer Dereference Affecting binutils package, versions *

Overview

References

NULL Pointer Dereference
Affecting binutils package, versions *