PT-2017-17430 · Gnu+2 · Gnu Binutils+2

Thuan Pham

Published

2017-03-17

Updated

2024-06-15

CVE-2017-6965

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions GNU Binutils version 2.28

Description The issue arises when readelf in GNU Binutils processes corrupt input files containing symbol-difference relocations, leading to a heap-based buffer overflow due to writing to illegal addresses.

Recommendations For GNU Binutils version 2.28, consider avoiding the use of readelf with untrusted or potentially corrupt input files until a patch is available. As a temporary workaround, restrict the use of readelf to trusted input files to minimize the risk of exploitation.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2017-6965

MGASA-2019-0169

OPENSUSE-SU-2018_3223-1

OPENSUSE-SU-2024:10651-1

SUSE-SU-2017:3170-1

SUSE-SU-2018:3207-1

SUSE-SU-2018:3207-2

USN-4336-2

Affected Products

Gnu Binutils

Suse

Ubuntu

PT-2017-17430 · Gnu+2 · Gnu Binutils+2

CVE-2017-6965

Weakness Enumeration

Related Identifiers

Affected Products

References · 772