PT-2017-18662 · Gnu+2 · Gnu Binutils+2

Agostino Sarubbo · Published 2017-05-18 · Updated 2021-07-21 · CVE-2017-9039

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions
GNU Binutils version 2.28

Description
The issue allows remote attackers to cause a denial of service, specifically memory consumption, by utilizing a crafted ELF file that contains many program headers. This is related to the get_program_headers function in readelf.c.

Recommendations
For GNU Binutils version 2.28, consider avoiding the use of the get_program_headers function in readelf.c until a patch is available. As a temporary workaround, restrict the processing of ELF files with multiple program headers to minimize the risk of exploitation.
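
One way to apply the workaround above is to pre-screen files before they reach readelf. This is an added example, not part of the original advisory and not the Binutils code or its patch: it rejects any ELF whose header claims a program header table larger than the file itself. The function names and the constructed sample headers are illustrative assumptions.

```python
import struct

PN_XNUM = 0xFFFF  # e_phnum escape value: real count lives in section header 0's sh_info

def phdr_table_fits(data: bytes):
    """Return (ok, reason): does the claimed program header table fit in the file?"""
    if len(data) < 16 or data[:4] != b"\x7fELF":
        return False, "not an ELF file"
    is64 = {1: False, 2: True}.get(data[4])   # EI_CLASS
    endian = {1: "<", 2: ">"}.get(data[5])    # EI_DATA
    if is64 is None or endian is None:
        return False, "invalid EI_CLASS or EI_DATA"
    # Header fields after e_ident, in order: e_type .. e_shstrndx
    fmt = endian + ("HHIQQQIHHHHHH" if is64 else "HHIIIIIHHHHHH")
    if len(data) < 16 + struct.calcsize(fmt):
        return False, "truncated ELF header"
    f = struct.unpack_from(fmt, data, 16)
    e_phoff, e_shoff, e_phentsize, e_phnum = f[4], f[5], f[8], f[9]
    if e_phnum == PN_XNUM:
        info_off = e_shoff + (44 if is64 else 28)   # offset of sh_info in a section header
        if e_shoff == 0 or info_off + 4 > len(data):
            return False, "PN_XNUM set but section header 0 is not in the file"
        (e_phnum,) = struct.unpack_from(endian + "I", data, info_off)
    if e_phnum == 0:
        return True, "no program headers"
    if e_phentsize < (56 if is64 else 32):          # sizeof(Elf64_Phdr) / sizeof(Elf32_Phdr)
        return False, "e_phentsize smaller than a program header"
    need = e_phnum * e_phentsize
    if e_phoff + need > len(data):
        return False, f"{e_phnum} program headers need {need} bytes, file has {len(data)}"
    return True, f"{e_phnum} program headers fit"

def sample_elf64(e_phnum: int, body_len: int) -> bytes:
    """Constructed little-endian ELF64 header followed by body_len zero bytes."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    hdr = struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0, 64, 56, e_phnum, 64, 0, 0)
    return ident + hdr + bytes(body_len)

if __name__ == "__main__":
    # Both inputs are constructed samples, not real binaries.
    for label, blob in [("benign", sample_elf64(2, 112)), ("crafted", sample_elf64(0xFFFE, 0))]:
        print(label, phdr_table_fits(blob))
```

Files that fail the check can be quarantined or skipped instead of being handed to readelf.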

Fix

DoS

Allocation of Resources Without Limits


Weakness Enumeration

Related identifiers

CVE-2017-9039
MGASA-2019-0169
SUSE-SU-2017:3170-1
USN-4336-2

Affected products

Gnu Binutils
Suse
Ubuntu