Published: 09/04/2017 Updated: 19/09/2017

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 670

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a "member access within null pointer" undefined behavior issue, which might allow remote malicious users to cause a denial of service (application crash) or possibly have unspecified other impact via an "int main() {return 0;}" program.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gnu binutils 2.28

Debian Bug report logs - #859989 binutils: CVE-2017-7614 Package: src:binutils; Maintainer for src:binutils is Matthias Klose <doko@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 10 Apr 2017 04:24:01 UTC Severity: normal Tags: patch, security, upstream Found in version binutils/228-3 ...

elflinkc in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 228, has a "member access within null pointer" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an "int main() {return 0;}" program ...

CWE-476 https://blogs.gentoo.org/ago/2017/04/05/binutils-two-null-pointer-dereference-in-elflink-c/https://security.gentoo.org/glsa/201709-02 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859989 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2017-7614

CVE-2017-7614

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect