
CVE-2017-9749

Published: 19/06/2017 Updated: 09/01/2018
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 685
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

The *regs* macros in opcodes/bfin-dis.c in GNU Binutils 2.28 allow remote malicious users to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.

Vulnerable Product

gnu binutils 2.28

Vendor Advisories

The *regs* macros in opcodes/bfin-dis.c in GNU Binutils 2.28 allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution ...

Exploits

Source: sourceware.org/bugzilla/show_bug.cgi?id=21586

I have been fuzzing objdump with American Fuzzy Lop and AddressSanitizer. Please find attached the minimized file causing the issue ("Input") and the ASAN report log ("Output"). Below is the reduced stacktrace with links to the corresponding source lines on a GitHub mirror. The comman ...