PT-2017-4300 · Gnu+1 · Gnu Binutils+1
Agostino Sarubbo
·
Published
2017-09-21
·
Updated
2021-07-21
·
CVE-2017-14938
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions:
GNU Binutils versions 2.29 and earlier
Description:
The issue allows remote attackers to cause a denial of service, resulting in excessive memory allocation and an application crash, via a crafted ELF file. This is due to the
bfd elf slurp version tables function in the elf.c component of the Binary File Descriptor (BFD) library, which permits unlimited memory allocation.Recommendations:
For GNU Binutils versions 2.29 and earlier, consider updating to a version later than 2.29 to resolve the issue. As a temporary workaround, consider restricting the use of the
bfd elf slurp version tables function in the elf.c component until a patch is available. Avoid processing crafted ELF files with the affected GNU Binutils versions to minimize the risk of exploitation.Fix
DoS
Allocation of Resources Without Limits
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Gnu Binutils
Ubuntu