PT-2017-17588 · Gnu+2 · Gnu Binutils+2

Thuan Pham · Published 2017-03-22 · Updated 2024-06-15 · CVE-2017-7224

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

GNU Binutils version 2.28

Description

The issue arises from the find_nearest_line function in objdump, which is part of GNU Binutils. The function is vulnerable to an invalid write when disassembling a corrupt binary that contains an empty function name. This can lead to a program crash.

Recommendations

For GNU Binutils version 2.28, consider avoiding the disassembly of binaries with empty function names until a patch is available. As a temporary workaround, restrict the use of the find_nearest_line function in objdump when dealing with potentially corrupt binaries.

Fix

Memory Corruption


Weakness Enumeration

Related Identifiers

CVE-2017-7224
MGASA-2019-0169
OPENSUSE-SU-2018_3223-1
OPENSUSE-SU-2024:10651-1
SUSE-SU-2017:3170-1
SUSE-SU-2018:3207-1
SUSE-SU-2018:3207-2
USN-4336-2

Affected Products

Gnu Binutils
Suse
Ubuntu