PT-2017-4297 · Gnu+1 · Gnu Binutils+2

Published 2017-09-25 · Updated 2021-07-21 · CVE-2017-14932

CVSS v2.0: 7.8 High

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: GNU Binutils version 2.29
Description: The issue is in the decode_line_info function in the dwarf2.c component of the Binary File Descriptor (BFD) library, also known as libbfd. It allows remote attackers to cause a denial of service (an infinite loop) with a crafted ELF file.
Recommendations: For GNU Binutils version 2.29, consider disabling the decode_line_info function in dwarf2.c as a temporary workaround until a patch is available. Restrict access to the libbfd library to minimize the risk of exploitation. Avoid processing crafted ELF files that could trigger the infinite loop in decode_line_info.

Fix

DoS

Infinite Loop

Weakness Enumeration

Related Identifiers

BDU:2023-07752
CVE-2017-14932
USN-4336-2

Affected Products

Gnu Binutils
Ubuntu
Libbfd