CVE-2017-17121

HIGH

GNU Binutils 2.29.1 - DoS

Title source: llm

Description

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (memory access violation) or possibly have unspecified other impact via a COFF binary in which a relocation refers to a location after the end of the to-be-relocated section.

References (3)

[Patch] https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=b23dc97fe237a1d9e850d7cbeee066183a00630b

[Exploit, Issue Tracking] https://sourceware.org/bugzilla/show_bug.cgi?id=22506

[Third Party Advisory] https://security.gentoo.org/glsa/201811-17

Scores

CVSS v3 7.8

EPSS 0.0037

EPSS Percentile 58.3%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-119

Status draft

Affected Products (1)

gnu/binutils

Timeline

Published Dec 04, 2017

Tracked Since Feb 18, 2026