CVE-2017-15023
MEDIUM
GNU Binutils 2.29 - Denial of Service via Crafted ELF File in concat_filename
Title source: llm
Description
read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not properly validate the format count, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename.
References (5)
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/101611
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201801-01
Patch x_refsource_misc
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=c361faae8d964db951b7100cada4dcdc983df1bf
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://sourceware.org/bugzilla/show_bug.cgi?id=22200
Patch, Third Party Advisory, VDB Entry x_refsource_misc
https://blogs.gentoo.org/ago/2017/10/03/binutils-null-pointer-dereference-in-concat_filename-dwarf2-c/
Scores
CVSS v3
5.5
EPSS
0.0049
EPSS Percentile
65.7%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Details
CWE
CWE-476
Status
published
Products (1)
gnu/binutils
2.29
Published
Oct 05, 2017
Tracked Since
Feb 18, 2026