PT-2017-18328 · Gnu+2 · Gnu Binutils+2

Jgj212

Published

2017-05-02

Updated

2024-06-15

CVE-2017-8421

CVSS v2.0

7.1

High

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions GNU Binutils version 2.28

Description The issue is related to a memory leak in the coff set alignment hook function in the BFD library, which can lead to memory exhaustion when objdump processes a crafted PE file. Additional validation in the dump relocs in section function can help resolve this issue.

Recommendations For GNU Binutils version 2.28, consider adding additional validation in the dump relocs in section function in objdump.c to mitigate the memory leak issue. As a temporary workaround, restrict the use of objdump with crafted PE files until a patch is available.

Fix

Missing Release of Resource after Effective Lifetime

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-772

Related Identifiers

CVE-2017-8421

MGASA-2019-0169

OPENSUSE-SU-2018_3223-1

OPENSUSE-SU-2024:10651-1

SUSE-SU-2017:3170-1

SUSE-SU-2018:3207-1

SUSE-SU-2018:3207-2

USN-4336-2

USN-6413-1

Affected Products

Gnu Binutils

Suse

Ubuntu

PT-2017-18328 · Gnu+2 · Gnu Binutils+2

CVE-2017-8421

Weakness Enumeration

Related Identifiers

Affected Products

References · 803