PT-2017-19151 · Gnu+1 · Bfd Library+3
Alexandre Adamski
·
Published
2017-06-19
·
Updated
2021-07-21
·
CVE-2017-9744
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
GNU Binutils version 2.28
Description
The issue is related to the
sh elf set mach from flags function in the BFD library, which can be exploited by remote attackers using a crafted binary file. This can lead to a denial of service, causing a buffer overflow and application crash, and potentially have other unspecified impacts. The vulnerability can be triggered during the execution of "objdump -D" with a malicious binary file.Recommendations
For GNU Binutils version 2.28, consider updating to a newer version that addresses this issue. As a temporary workaround, restrict the use of the
sh elf set mach from flags function in the BFD library to minimize the risk of exploitation. Avoid processing untrusted binary files with "objdump -D" until the issue is resolved.Fix
DoS
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Bfd Library
Gnu Binutils
Ubuntu
Objdump