CVE-2017-15023 - read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as dist

CVE-2017-15023

Summary

read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not properly validate the format count, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename.

References

Vulnerable Configurations

cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*
cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 09-01-2018 - 02:29)
Impact:
Exploitability:

CWE

CWE-476

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:N/A:P

refmap via4

bid	101611
gentoo	GLSA-201801-01
misc	https://blogs.gentoo.org/ago/2017/10/03/binutils-null-pointer-dereference-in-concat_filename-dwarf2-c/ https://sourceware.org/bugzilla/show_bug.cgi?id=22200 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c361faae8d964db951b7100cada4dcdc983df1bf

Last major update

09-01-2018 - 02:29

Published

05-10-2017 - 01:29

Last modified

09-01-2018 - 02:29