PT-2017-4315 · Gnu+1 · Gnu Binutils+1

Published

2017-11-02

Updated

2024-06-15

CVE-2017-16830

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: GNU Binutils version 2.29.1

Description: The issue is related to integer-overflow protection in the print gnu property note function. This allows remote attackers to cause a denial of service, potentially leading to a segmentation violation and application crash, or possibly having other unspecified impacts via a crafted ELF file. The vulnerability can also be exploited to access confidential data, compromise its integrity, and cause a denial of service.

Recommendations: For GNU Binutils version 2.29.1, consider updating to a newer version that addresses the integer-overflow issue in the print gnu property note function. As a temporary workaround, restrict the use of the print gnu property note function to minimize the risk of exploitation. Avoid processing crafted ELF files until the issue is resolved.

Exploit

Fix

DoS

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

BDU:2023-07770

CVE-2017-16830

OPENSUSE-SU-2018_3223-1

OPENSUSE-SU-2018_3323-1

OPENSUSE-SU-2024:10651-1

SUSE-SU-2018:3170-1

SUSE-SU-2018:3207-1

SUSE-SU-2018:3207-2

Affected Products

Gnu Binutils

Suse

PT-2017-4315 · Gnu+1 · Gnu Binutils+1

CVE-2017-16830

Weakness Enumeration

Related Identifiers

Affected Products

References · 278