PT-2017-18328 · Gnu+2 · Gnu Binutils+2

Jgj212

Publicado

2017-05-02

Atualizado

2024-06-15

CVE-2017-8421

CVSS v2.0

7.1

Alta

Vetor

AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions GNU Binutils version 2.28

Description The issue is related to a memory leak in the coff set alignment hook function in the BFD library, which can lead to memory exhaustion when objdump processes a crafted PE file. Additional validation in the dump relocs in section function can help resolve this issue.

Recommendations For GNU Binutils version 2.28, consider adding additional validation in the dump relocs in section function in objdump.c to mitigate the memory leak issue. As a temporary workaround, restrict the use of objdump with crafted PE files until a patch is available.

Correção

Missing Release of Resource after Effective Lifetime

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-772

Identificadores relacionados

CVE-2017-8421

MGASA-2019-0169

OPENSUSE-SU-2018_3223-1

OPENSUSE-SU-2024:10651-1

SUSE-SU-2017:3170-1

SUSE-SU-2018:3207-1

SUSE-SU-2018:3207-2

USN-4336-2

USN-6413-1

Produtos afetados

Gnu Binutils

Suse

Ubuntu

PT-2017-18328 · Gnu+2 · Gnu Binutils+2

CVE-2017-8421

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 803