CVE-2017-7302

Published: 29 March 2017

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a swap_std_reloc_out function in bfd/aoutx.h that is vulnerable to an invalid read (of size 4) because of missing checks for relocs that could not be recognised. This vulnerability causes Binutils utilities like strip to crash.

Priority

Low

CVSS 3 base score: 7.5

Status

Package: binutils (Launchpad, Ubuntu, Debian)

Release     Status
artful      Not vulnerable (2.28-1ubuntu1)
bionic      Not vulnerable (2.28-1ubuntu1)
cosmic      Not vulnerable (2.28-1ubuntu1)
disco       Not vulnerable (2.28-1ubuntu1)
eoan        Not vulnerable (2.28-1ubuntu1)
focal       Not vulnerable (2.28-1ubuntu1)
groovy      Not vulnerable (2.28-1ubuntu1)
hirsute     Not vulnerable (2.28-1ubuntu1)
impish      Not vulnerable (2.28-1ubuntu1)
jammy       Not vulnerable (2.28-1ubuntu1)
precise     Ignored (end of ESM support, was needed)
trusty      Needed
upstream    Released (2.27.51.20161212-1)
xenial      Released (2.26.1-1ubuntu1~16.04.8+esm1)
yakkety     Ignored (reached end-of-life)
zesty       Not vulnerable (2.28-1ubuntu1)

Patches:
upstream: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e2996cc315d6ea242e1a954dc20246485ccc8512