Missing Release of Resource after Effective Lifetime in binutils

Do your applications use this vulnerable package? Test your applications

Overview

_bfd_dwarf2_cleanup_debug_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory leak) via a crafted ELF file.

References

CONFIRM
CONFIRM
Debian Security Tracker
Ubuntu CVE Tracker

Attack Vector

Local
Attack Complexity

Low
Privileges Required

None
User Interaction

Required
Scope

Unchanged
Confidentiality

None
Integrity

None
Availability

High

CVE: CVE-2017-15225
CWE: CWE-772
Snyk ID: SNYK-DEBIAN9-BINUTILS-403784
Disclosed: 10 Oct, 2017
Published: 10 Oct, 2017

Missing Release of Resource after Effective Lifetime
Affecting binutils package, versions *

Overview

References

CVSS Score

Missing Release of Resource after Effective Lifetime Affecting binutils package, versions *

Overview

References

Missing Release of Resource after Effective Lifetime
Affecting binutils package, versions *