PT-2017-4302 · Gnu+1 · Bfd Library+3
Publicado
2017-09-21
·
Atualizado
2021-07-21
·
CVE-2017-14940
CVSS v2.0
7.8
Alta
| Vetor | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions:
GNU Binutils version 2.29 and earlier
Description:
The issue is related to the
scan unit for symbols function in the dwarf2.c component of the Binary File Descriptor (BFD) library, also known as libbfd. It allows remote attackers to cause a denial of service, resulting in a NULL pointer dereference and application crash, via a crafted ELF file. This can be exploited by an attacker to disrupt the service.Recommendations:
For GNU Binutils version 2.29 and earlier, consider updating to a newer version that contains a fix for this issue.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
DoS
NULL Pointer Dereference
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Bfd Library
Gnu Binutils
Ubuntu
Libbfd