PT-2017-17590 · Gnu+2 · Gnu Binutils+2

Thuan Pham · Published 2017-03-22 · Updated 2024-06-15 · CVE-2017-7226

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions

GNU Binutils version 2.28

Description

The issue arises from the pe_ILF_object_p function in the Binary File Descriptor library, which is part of GNU Binutils. This function is vulnerable to a heap-based buffer over-read because it uses the strlen function instead of strnlen, potentially causing program crashes in utilities like addr2line, size, and strings. It may also lead to information disclosure.

Recommendations

For GNU Binutils version 2.28, consider updating to a newer version that addresses this issue, as the current version's use of strlen instead of strnlen in the pe_ILF_object_p function poses a significant risk.
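
The strlen-versus-strnlen difference described above, shown as a bounded parse of file-supplied strings. This is an added illustration, not Binutils code: the two-name record layout, the sample bytes, and the names two_names, bounded_len and parse_two_names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical record layout: two consecutive NUL-terminated names inside a
   buffer of `size` bytes taken from an untrusted file. */
struct two_names { const char *first; const char *second; };

/* Length of the string at p, looking at no more than max bytes.
   Same bound as strnlen(p, max), written with ISO C memchr for portability. */
static size_t bounded_len(const char *p, size_t max)
{
    const char *nul = memchr(p, '\0', max);
    return nul ? (size_t)(nul - p) : max;
}

/* Returns 0 and fills *out only if both names terminate inside the buffer.
   An unbounded strlen(buf) here would keep reading past `size` whenever the
   file omits the terminator, which is the over-read class described above. */
int parse_two_names(const char *buf, size_t size, struct two_names *out)
{
    size_t n1, rest;

    if (buf == NULL || out == NULL || size == 0)
        return -1;
    n1 = bounded_len(buf, size);
    if (n1 == size)                 /* first name never terminates */
        return -1;
    rest = size - (n1 + 1);         /* bytes left after the first NUL */
    if (rest == 0 || bounded_len(buf + n1 + 1, rest) == rest)
        return -1;                  /* second name missing or unterminated */
    out->first = buf;
    out->second = buf + n1 + 1;
    return 0;
}

int main(void)
{
    static const char sample[] = "sym\0lib.dll";   /* constructed input */
    struct two_names n;

    if (parse_two_names(sample, sizeof sample, &n) == 0)
        printf("%s from %s\n", n.first, n.second);
    return 0;
}
```

The parser rejects the record instead of crashing or returning bytes from beyond the buffer, which addresses both the denial-of-service and the information-disclosure outcomes named in the description.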

Fix

Out of bounds Read

Weakness Enumeration

Related identifiers

CVE-2017-7226
MGASA-2019-0169
OPENSUSE-SU-2018_3223-1
OPENSUSE-SU-2024:10651-1
SUSE-SU-2017:3170-1
SUSE-SU-2018:3207-1
SUSE-SU-2018:3207-2
USN-4336-2

Affected products

Gnu Binutils
Suse
Ubuntu