PT-2017-17588 · Gnu+2 · Gnu Binutils+2

Thuan Pham

Publicado

2017-03-22

Atualizado

2024-06-15

CVE-2017-7224

CVSS v3.1

5.5

Média

Vetor

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions GNU Binutils version 2.28

Description The issue arises from the find nearest line function in objdump, which is part of GNU Binutils. It is vulnerable to an invalid write when disassembling a corrupt binary containing an empty function name. This can lead to a program crash.

Recommendations For GNU Binutils version 2.28, consider avoiding the disassembly of binaries with empty function names until a patch is available. As a temporary workaround, restrict the use of the find nearest line function in objdump when dealing with potentially corrupt binaries.

Correção

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-787

Identificadores relacionados

CVE-2017-7224

MGASA-2019-0169

OPENSUSE-SU-2018_3223-1

OPENSUSE-SU-2024:10651-1

SUSE-SU-2017:3170-1

SUSE-SU-2018:3207-1

SUSE-SU-2018:3207-2

USN-4336-2

Produtos afetados

Gnu Binutils

Suse

Ubuntu

PT-2017-17588 · Gnu+2 · Gnu Binutils+2

CVE-2017-7224

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 774