Out-of-Bounds in binutils

Do your applications use this vulnerable package? Test your applications

Overview

elfcomm.c in readelf in GNU Binutils 2.29 allows remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified other impact via a crafted ELF file that triggers a "buffer overflow on fuzzed archive header," related to an uninitialized variable, an improper conditional jump, and the get_archive_member_name, process_archive_index_and_symbols, and setup_archive functions.

References

Debian Security Tracker
Gentoo Security Advisory
Security Focus
Ubuntu CVE Tracker
https://sourceware.org/bugzilla/show_bug.cgi?id=22361
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d91f0b20e561e326ee91a09a76206257bde8438b

Attack Vector

Local
Attack Complexity

Low
Privileges Required

None
User Interaction

Required
Scope

Unchanged
Confidentiality

High
Integrity

High
Availability

High

CVE: CVE-2017-15996
CWE: CWE-119
Snyk ID: SNYK-DEBIAN9-BINUTILS-404024
Disclosed: 29 Oct, 2017
Published: 29 Oct, 2017

Out-of-Bounds
Affecting binutils package, versions *

Overview

References

CVSS Score

Out-of-Bounds Affecting binutils package, versions *

Overview

References

Out-of-Bounds
Affecting binutils package, versions *