Out-of-bounds Read Affecting binutils package, versions <2.26.1-1ubuntu1~16.04.8+esm1
Snyk CVSS
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-UBUNTU1604-BINUTILS-403674
- published 29 Mar 2017
- disclosed 29 Mar 2017
Introduced: 29 Mar 2017
CVE-2017-7299 Open this link in a new tabHow to fix?
Upgrade Ubuntu:16.04 binutils to version 2.26.1-1ubuntu1~16.04.8+esm1 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Ubuntu.
See How to fix? for Ubuntu:16.04 relevant fixed versions and status.
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an invalid read (of size 8) because the code to emit relocs (bfd_elf_final_link function in bfd/elflink.c) does not check the format of the input file before trying to read the ELF reloc section header. The vulnerability leads to a GNU linker (ld) program crash.