Out-of-bounds Write in binutils

Do your applications use this vulnerable package? Test your applications

Overview

The alpha_vms_object_p function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap write and possibly achieve code execution via a crafted vms alpha file.

References

Debian Security Tracker
Ubuntu CVE Tracker
https://sourceware.org/bugzilla/show_bug.cgi?id=21813

Attack Vector

Local
Attack Complexity

Low
Privileges Required

None
User Interaction

Required
Scope

Unchanged
Confidentiality

High
Integrity

High
Availability

High

CVE: CVE-2017-12450
CWE: CWE-787
Snyk ID: SNYK-DEBIAN9-BINUTILS-403640
Disclosed: 04 Aug, 2017
Published: 04 Aug, 2017

Out-of-bounds Write
Affecting binutils package, versions *

Overview

References

CVSS Score

Out-of-bounds Write Affecting binutils package, versions *

Overview

References

Out-of-bounds Write
Affecting binutils package, versions *