Out-of-bounds Read in binutils

Do your applications use this vulnerable package? Test your applications

Overview

The _bfd_vms_slurp_egsd function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an arbitrary memory read via a crafted vms alpha file.

References

Debian Security Tracker
Ubuntu CVE Tracker
https://sourceware.org/bugzilla/show_bug.cgi?id=21813

Attack Vector

Local
Attack Complexity

Low
Privileges Required

None
User Interaction

Required
Scope

Unchanged
Confidentiality

High
Integrity

High
Availability

High

CVE: CVE-2017-12454
CWE: CWE-125
Snyk ID: SNYK-DEBIAN8-BINUTILS-403653
Disclosed: 04 Aug, 2017
Published: 04 Aug, 2017

Out-of-bounds Read
Affecting binutils package, versions *

Overview

References

CVSS Score

Out-of-bounds Read Affecting binutils package, versions *

Overview

References

Out-of-bounds Read
Affecting binutils package, versions *