CVE-2017-15023
Last modified
CVE-2017-15023 is a vulnerability of currently unknown severity. read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not properly validate the format count, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename. EPSS estimates a 2.07% chance of exploitation in the next 30 days.
Description
read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not properly validate the format count, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Gnu | Binutils | 2.29 |
References
- https://blogs.gentoo.org/ago/2017/10/03/binutils-null-pointer-dereference-in-concat_filename-dwarf2-c/ (Patch, Third Party Advisory, VDB Entry)
- https://sourceware.org/bugzilla/show_bug.cgi?id=22200 (Issue Tracking, Patch, Third Party Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
