CVE-2017-8396
HIGHGNU Binutils 2.28 - Denial of Service via Invalid Read in BFD Library
Title source: llmDescription
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 because the existing reloc offset range tests didn't catch small negative offsets less than the size of the reloc field. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash.
References (2)
Core 2
Core References
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201709-02
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://sourceware.org/bugzilla/show_bug.cgi?id=21432
Scores
CVSS v3
7.5
EPSS
0.0038
EPSS Percentile
59.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-20
Status
published
Products (1)
gnu/binutils
2.28
Published
May 01, 2017
Tracked Since
Feb 18, 2026