CVE-2017-17080

MEDIUM

GNU Binutils 2.29.1 - DoS

Title source: llm

Description

elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate sizes of core notes, which allows remote attackers to cause a denial of service (bfd_getl32 heap-based buffer over-read and application crash) via a crafted object file, related to elfcore_grok_netbsd_procinfo, elfcore_grok_openbsd_procinfo, and elfcore_grok_nto_status.

References (2)

[Issue Tracking, Third Party Advisory] https://sourceware.org/bugzilla/show_bug.cgi?id=22421

[Third Party Advisory] https://security.gentoo.org/glsa/201811-17

Scores

CVSS v3 5.5

EPSS 0.0039

EPSS Percentile 59.8%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Classification

CWE

CWE-125

Status draft

Affected Products (1)

gnu/binutils

Timeline

Published Nov 30, 2017

Tracked Since Feb 18, 2026