Vulnerability Details : CVE-2017-7302
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a swap_std_reloc_out function in bfd/aoutx.h that is vulnerable to an invalid read (of size 4) because of missing checks for relocs that could not be recognised. This vulnerability causes Binutils utilities like strip to crash.
Products affected by CVE-2017-7302
- cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-7302
- EPSS score: 0.08% (probability of exploitation activity in the next 30 days)
- Percentile: ~32% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2017-7302
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2017-7302
- The product reads data past the end, or before the beginning, of the intended buffer. Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-7302
- https://sourceware.org/bugzilla/show_bug.cgi?id=20921
  20921 – STRIP crashes when writing stripped file (Issue Tracking; Patch)
- http://www.securityfocus.com/bid/97216
  GNU Binutils 'swap_std_reloc_out()' Function Remote Denial of Service Vulnerability (Patch; VDB Entry)