CVE-2017-6965

MEDIUM

GNU Binutils <2.28 - Buffer Overflow

Title source: llm

Description

readelf in GNU Binutils 2.28 writes to illegal addresses while processing corrupt input files containing symbol-difference relocations, leading to a heap-based buffer overflow.

References (2)

[Exploit, Issue Tracking] https://sourceware.org/bugzilla/show_bug.cgi?id=21137

[Third Party Advisory] https://security.gentoo.org/glsa/201709-02

Scores

CVSS v3 5.5

EPSS 0.0025

EPSS Percentile 48.3%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Classification

CWE

CWE-119

Status draft

Affected Products (1)

gnu/binutils

Timeline

Published Mar 17, 2017

Tracked Since Feb 18, 2026