CVE-2017-17121

HIGH

GNU Binutils - Denial of Service via COFF Binary Relocation Handling

Title source: llm

Description

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (memory access violation) or possibly have unspecified other impact via a COFF binary in which a relocation refers to a location after the end of the to-be-relocated section.

References (3)

Core 3

Core References

Exploit, Issue Tracking x_refsource_misc

https://sourceware.org/bugzilla/show_bug.cgi?id=22506

Third Party Advisory vendor-advisory x_refsource_gentoo

https://security.gentoo.org/glsa/201811-17

Patch x_refsource_misc

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=b23dc97fe237a1d9e850d7cbeee066183a00630b

Scores

CVSS v3 7.8

EPSS 0.0037

EPSS Percentile 58.7%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-119

Status published

Products (1)

gnu/binutils 2.29.1

Published Dec 04, 2017

Tracked Since Feb 18, 2026