PT-2017-17590 · Gnu+2 · Gnu Binutils+2

Thuan Pham · Published 2017-03-22 · Updated 2024-06-15 · CVE-2017-7226

CVSS v3.1: 9.1 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions

GNU Binutils version 2.28

Description

The issue arises from the `pe_ILF_object_p` function in the Binary File Descriptor library, which is part of GNU Binutils. This function is vulnerable to a heap-based buffer over-read due to its use of the `strlen` function instead of `strnlen`, potentially causing program crashes in utilities like addr2line, size, and strings. It may also lead to information disclosure.

Recommendations

For GNU Binutils version 2.28, consider updating to a newer version that addresses this issue, as the current version's use of `strlen` instead of `strnlen` in the `pe_ILF_object_p` function poses a significant risk.
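
The strlen-versus-strnlen distinction from the description, as an added C example (not binutils code and not part of the original advisory). The function names, the back-to-back name layout and the sample buffers are hypothetical, constructed to show a bounded scan rejecting an unterminated name instead of reading past the allocation.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* strnlen is POSIX.1-2008 */
#endif
#include <stddef.h>
#include <string.h>

/* Pattern described in the advisory: the length comes from strlen, which
   knows nothing about how many bytes the buffer holds. Only safe if a
   terminator is already known to exist inside the buffer. */
size_t name_len_unbounded(const unsigned char *buf, size_t off)
{
    return strlen((const char *)buf + off);
}

/* Bounded form: returns the length of the name at `off`, or -1 when the
   offset is out of range or no NUL occurs before the end of the buffer. */
long name_len_bounded(const unsigned char *buf, size_t size, size_t off)
{
    if (buf == NULL || off >= size)
        return -1;
    size_t avail = size - off;
    size_t n = strnlen((const char *)buf + off, avail); /* reads <= avail bytes */
    return n == avail ? -1 : (long)n;   /* n == avail means unterminated */
}

/* Validate `count` back-to-back names starting at `off`, recording where each
   begins. Returns the offset just past the last terminator, or -1 on the
   first name that would run off the end of the buffer. */
long walk_names(const unsigned char *buf, size_t size, size_t off,
                size_t *starts, size_t count)
{
    for (size_t i = 0; i < count; i++) {
        long n = name_len_bounded(buf, size, off);
        if (n < 0)
            return -1;
        starts[i] = off;
        off += (size_t)n + 1;           /* skip the name and its NUL */
    }
    return (long)off;
}

/* Constructed sample inputs (not taken from any real object file). */
const unsigned char sample_ok[]  = { 'f','o','o',0,'l','i','b',0 };
const unsigned char sample_bad[] = { 'f','o','o',0,'l','i','b' };  /* no final NUL */
```

A parser that treats the -1 result as a malformed-file error never hands an unterminated pointer to later string routines.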

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers

CVE-2017-7226
MGASA-2019-0169
OPENSUSE-SU-2018_3223-1
OPENSUSE-SU-2024:10651-1
SUSE-SU-2017:3170-1
SUSE-SU-2018:3207-1
SUSE-SU-2018:3207-2
USN-4336-2

Affected Products

Gnu Binutils
Suse
Ubuntu