CVE-2017-17124

MEDIUM

Description

The _bfd_coff_read_string_table function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not properly validate the size of the external string table, which allows remote attackers to cause a denial of service (excessive memory consumption, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted COFF binary.

References

https://security.gentoo.org/glsa/201811-17

https://sourceware.org/bugzilla/show_bug.cgi?id=22507

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b0029dce6867de1a2828293177b0e030d2f0f03c

Details

Source: MITRE

Published: 2017-12-04

Updated: 2018-11-27

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3.0

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.8

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:gnu:binutils:2.29.1:*:*:*:*:*:*:*

Tenable Plugins

View all (10 total)

IDNameProductFamilySeverity
135628EulerOS Virtualization 3.0.2.2 : binutils (EulerOS-SA-2020-1466)NessusHuawei Local Security Checks
high
134494EulerOS Virtualization for ARM 64 3.0.2.0 : binutils (EulerOS-SA-2020-1205)NessusHuawei Local Security Checks
medium
132275EulerOS 2.0 SP3 : binutils (EulerOS-SA-2019-2558)NessusHuawei Local Security Checks
high
131604EulerOS 2.0 SP2 : binutils (EulerOS-SA-2019-2450)NessusHuawei Local Security Checks
high
130838EulerOS 2.0 SP5 : binutils (EulerOS-SA-2019-2129)NessusHuawei Local Security Checks
medium
121791Photon OS 2.0: Binutils PHSA-2017-2.0-0008NessusPhotonOS Local Security Checks
medium
121783Photon OS 1.0: Binutils PHSA-2017-1.0-0095NessusPhotonOS Local Security Checks
high
119162GLSA-201811-17 : Binutils: Multiple vulnerabilitiesNessusGentoo Local Security Checks
medium
111906Photon OS 2.0: Binutils / Linux / Wget PHSA-2017-2.0-0008 (deprecated)NessusPhotonOS Local Security Checks
medium
111904Photon OS 1.0: Binutils / Curl / Docker / Linux / Rpm PHSA-2017-1.0-0095 (deprecated)NessusPhotonOS Local Security Checks
high