CVE-2017-6969

CRITICAL

GNU Binutils <2.28 - Memory Corruption

Title source: llm

Description

readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer over-read while processing corrupt RL78 binaries. The vulnerability can trigger program crashes. It may lead to an information leak as well.

References (3)

[Exploit, Issue Tracking, Third Party Advisory, VDB Entry] https://sourceware.org/bugzilla/show_bug.cgi?id=21156

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/97065

[Third Party Advisory] https://security.gentoo.org/glsa/201709-02

Scores

CVSS v3 9.1

EPSS 0.0046

EPSS Percentile 63.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Classification

CWE

CWE-125

Status draft

Affected Products (1)

gnu/binutils

Timeline

Published Mar 17, 2017

Tracked Since Feb 18, 2026