Your submission was sent successfully! Close

CVE-2017-17080

Published: 30 November 2017

elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate sizes of core notes, which allows remote attackers to cause a denial of service (bfd_getl32 heap-based buffer over-read and application crash) via a crafted object file, related to elfcore_grok_netbsd_procinfo, elfcore_grok_openbsd_procinfo, and elfcore_grok_nto_status.

Priority

Low

CVSS 3 base score: 5.5

Status

Package Release Status
binutils
Launchpad, Ubuntu, Debian
artful Ignored
(reached end-of-life)
bionic Not vulnerable
(2.30-21ubuntu1~18.04.1)
cosmic Not vulnerable
(2.31.1-6ubuntu1.1)
disco Not vulnerable
(2.32-7ubuntu4)
eoan Not vulnerable
(2.32-8ubuntu1)
focal Not vulnerable
(2.32-8ubuntu1)
groovy Not vulnerable
(2.32-8ubuntu1)
hirsute Not vulnerable
(2.32-8ubuntu1)
impish Not vulnerable
(2.32-8ubuntu1)
jammy Not vulnerable
(2.32-8ubuntu1)
kinetic Not vulnerable
(2.32-8ubuntu1)
precise Ignored
(end of ESM support, was needs-triage)
trusty Needs triage

upstream
Released (2.29.90.20180122-1)
xenial
Released (2.26.1-1ubuntu1~16.04.8+esm1)
zesty Ignored
(reached end-of-life)
Patches:
upstream: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=80a0437873045cc08753fcac4af154e2931a99fd