CVE-2017-17080

elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate sizes of core notes, which allows remote attackers to cause a denial of service (bfd_getl32 heap-based buffer over-read and application crash) via a crafted object file, related to elfcore_grok_netbsd_procinfo, elfcore_grok_openbsd_procinfo, and elfcore_grok_nto_status.

Published: 2017-11-30 21:29
Updated: 2019-10-03 00:03

CVSS Score: 4.3 / 10
Vendor Product Version URI
Gnu Binutils 2.29.1 cpe:/a:gnu:binutils:2.29.1

CWE

ID: CWE-125
Name: Out-of-bounds Read
Description: The software reads data past the end, or before the beginning, of the intended buffer.

History of changes

Date Event
2019-10-03 00:03
2018-11-27 11:29
2017-12-20 18:07
2017-11-30 21:29 New CVE