
CVE-2017-12450

Published: 4 August 2017

The alpha_vms_object_p function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap write and possibly achieve code execution via a crafted vms alpha file.

Notes

Author: sbeattie
Note: reproducers attached to bug report
Priority

Low

CVSS 3 base score: 7.8

Status

Package: binutils (Launchpad, Ubuntu, Debian)

Release: Status
artful: Not vulnerable (2.29.1-1ubuntu1)
bionic: Not vulnerable (2.29.1-1ubuntu1)
cosmic: Not vulnerable (2.29.1-1ubuntu1)
disco: Not vulnerable (2.29.1-1ubuntu1)
eoan: Not vulnerable (2.29.1-1ubuntu1)
focal: Not vulnerable (2.29.1-1ubuntu1)
groovy: Not vulnerable (2.29.1-1ubuntu1)
hirsute: Not vulnerable (2.29.1-1ubuntu1)
impish: Not vulnerable (2.29.1-1ubuntu1)
jammy: Not vulnerable (2.29.1-1ubuntu1)
precise: Ignored (end of ESM support, was needed)
trusty: Needed
upstream: Released (2.29.1)
xenial: Released (2.26.1-1ubuntu1~16.04.8+esm1)
zesty: Ignored (reached end-of-life)

Patches:
other: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=patch;h=ca4cf9b9c622a5695e01f7f5815a7382a31fcf51
other: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=patch;h=8a2df5e2df374289e00ecd8f099eb46d76ef982e
other: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=patch;h=deeb3d27c254ad8bf8c3877fa6b61817f56191f5 (v2.29 branch)
other: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=patch;h=64aa1246572306b72dc479b46d13ff749b0c3236 (v2.29 branch)