Out-of-bounds Read in binutils

Do your applications use this vulnerable package? Test your applications

Overview

The print_symbol_for_build_attribute function in readelf.c in GNU Binutils 2017-04-12 allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted ELF file.

References

Debian Security Tracker
Security Focus
Ubuntu CVE Tracker
https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/

Attack Vector

Local
Attack Complexity

Low
Privileges Required

None
User Interaction

Required
Scope

Unchanged
Confidentiality

None
Integrity

None
Availability

High

CVE: CVE-2017-9044
CWE: CWE-125
Snyk ID: SNYK-DEBIAN9-BINUTILS-403330
Disclosed: 18 May, 2017
Published: 18 May, 2017

Out-of-bounds Read
Affecting binutils package, versions *

Overview

References

CVSS Score

Out-of-bounds Read Affecting binutils package, versions *

Overview

References

Out-of-bounds Read
Affecting binutils package, versions *