Improper Input Validation in binutils

Do your applications use this vulnerable package? Test your applications

Overview

readelf.c in GNU Binutils 2017-04-12 has a "shift exponent too large for type unsigned long" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file.

References

Debian Security Tracker
Security Focus
Ubuntu CVE Tracker
https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ddef72cdc10d82ba011a7ff81cafbbd3466acf54

Attack Vector

Local
Attack Complexity

Low
Privileges Required

None
User Interaction

Required
Scope

Unchanged
Confidentiality

High
Integrity

High
Availability

High

CVE: CVE-2017-9043
CWE: CWE-20
Snyk ID: SNYK-DEBIAN9-BINUTILS-403460
Disclosed: 18 May, 2017
Published: 18 May, 2017

Improper Input Validation
Affecting binutils package, versions *

Overview

References

CVSS Score

Improper Input Validation Affecting binutils package, versions *

Overview

References

Improper Input Validation
Affecting binutils package, versions *