PT-2017-4286 · Gnu+1 · Gnu Binutils+1

Adhokshaj Mishra

Published

2017-08-25

Updated

2026-04-20

CVE-2017-13716

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: GNU Binutils version 2.29

Description: The issue is related to the C++ symbol demangler routine in cplus-dem.c, which allows remote attackers to cause a denial of service through excessive memory allocation and application crash via a crafted file. This can be triggered by a call from the Binary File Descriptor (BFD) library. The vulnerability is associated with unlimited memory allocation.

Recommendations: For GNU Binutils version 2.29, consider updating to a newer version to mitigate the risk of excessive memory allocation and application crash. As a temporary workaround, restrict the use of crafted files that could trigger the denial of service. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Allocation of Resources Without Limits

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-770

Related Identifiers

BDU:2023-07741

CVE-2017-13716

ECHO-8A87-AB68-F9F6

MGASA-2019-0169

Affected Products

Debian

Gnu Binutils

PT-2017-4286 · Gnu+1 · Gnu Binutils+1

CVE-2017-13716

Weakness Enumeration

Related Identifiers

Affected Products

References · 40