CVE-2017-7299
CVE-2017-7299 is a vulnerability of currently unknown severity. The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an invalid read (of size 8) because the code to emit relocs (bfd_elf_final_link function in bfd/elflink.c) does not check the format of the input file before trying to read the ELF reloc section header. The vulnerability leads to a GNU linker (ld) program crash. EPSS estimates a 1.13% chance of exploitation in the next 30 days.
Description
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an invalid read (of size 8) because the code to emit relocs (bfd_elf_final_link function in bfd/elflink.c) does not check the format of the input file before trying to read the ELF reloc section header. The vulnerability leads to a GNU linker (ld) program crash.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Gnu | Binutils | 2.28 |
References
- http://www.securityfocus.com/bid/97217 (Third Party Advisory, VDB Entry)
- https://sourceware.org/bugzilla/show_bug.cgi?id=20908 (Issue Tracking, Patch)
Timeline
- Status: Modified
Source: NVD / NIST
