PT-2017-18662 · Gnu+2 · Gnu Binutils+2

Agostino Sarubbo · Published 2017-05-18 · Updated 2021-07-21 · CVE-2017-9039

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

GNU Binutils version 2.28

Description

The issue allows remote attackers to cause a denial of service, specifically memory consumption, using a crafted ELF file that contains many program headers. This is related to the get_program_headers function in readelf.c.

Recommendations

For GNU Binutils version 2.28, consider avoiding the use of the get_program_headers function in readelf.c until a patch is available. As a temporary workaround, restrict the processing of ELF files with multiple program headers to minimize the risk of exploitation.
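One way to apply the temporary workaround above is to screen untrusted files before they reach readelf. The following is an added example, not part of the advisory or of Binutils; `screen_elf`, `make_elf64` and the `MAX_PHNUM` limit of 64 are assumptions chosen for illustration, and the sample headers are constructed.

```python
import struct

MAX_PHNUM = 64    # assumed local policy limit, not a value from the advisory
PN_XNUM = 0xFFFF  # ELF marker: real program header count is stored elsewhere

def screen_elf(data: bytes, max_phnum: int = MAX_PHNUM) -> str:
    """Return "ok" or the reason to keep this file away from readelf."""
    if len(data) < 16 or data[:4] != b"\x7fELF":
        return "not-elf"
    ei_class, ei_data = data[4], data[5]
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        return "bad-ident"
    endian = "<" if ei_data == 1 else ">"
    # Fields after e_ident, up to and including e_phnum (ELF32 / ELF64).
    fmt = endian + ("HHIIIIIHHH" if ei_class == 1 else "HHIQQQIHHH")
    if len(data) < 16 + struct.calcsize(fmt):
        return "truncated-header"
    fields = struct.unpack_from(fmt, data, 16)
    e_phoff, e_phentsize, e_phnum = fields[4], fields[8], fields[9]
    if e_phnum == PN_XNUM:
        # Count lives in section header 0; reject rather than follow it.
        return "phnum-extended"
    if e_phnum > max_phnum:
        return "too-many-phdrs"
    # Extra sanity check: the declared table must fit inside the file.
    if e_phnum and e_phoff + e_phnum * e_phentsize > len(data):
        return "phdr-table-out-of-bounds"
    return "ok"

def make_elf64(phnum: int, table_bytes: int) -> bytes:
    """Constructed little-endian ELF64 header followed by zero padding."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    hdr = struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0, 64, 56,
                      phnum, 64, 0, 0)
    return ident + hdr + bytes(table_bytes)

if __name__ == "__main__":
    for n in (2, 40, 5000, PN_XNUM):
        print(n, screen_elf(make_elf64(n, 112)))
```

The screen reads only the fixed-size ELF header, so its own memory use does not depend on the declared header count.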

Fix

DoS

Allocation of Resources Without Limits


Weakness Enumeration

Related Identifiers

CVE-2017-9039
MGASA-2019-0169
SUSE-SU-2017:3170-1
USN-4336-2

Affected Products

Gnu Binutils
Suse
Ubuntu