CVE-2017-9038

Published: 18/05/2017 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 384
Vector (CVSS v2): AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

GNU Binutils 2.28 allows remote malicious users to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to the byte_get_little_endian function in elfcomm.c, the get_unwind_section_word function in readelf.c, and ARM unwind information that contains invalid word offsets.

Vulnerable Product

gnu binutils 2.28

Vendor Advisories

Debian Bug report logs - #863674: CVE-2017-9038 to CVE-2017-9043. Package: binutils; Maintainer for binutils is Matthias Klose <doko@debian.org>; Source for binutils is src:binutils. Reported by: Moritz Muehlenhoff <jmm@debian.org>. Date: Mon, 29 May 2017 21:21:04 UTC. Severity: important. Tags: fixe ...
GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to the byte_get_little_endian function in elfcomm.c, the get_unwind_section_word function in readelf.c, and ARM unwind information that contains invalid word offsets ...