Vulnerability Details : CVE-2017-17122
Potential exploit
The dump_relocs_in_section function in objdump.c in GNU Binutils 2.29.1 does not check for reloc count integer overflows, which allows remote attackers to cause a denial of service (excessive memory allocation, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PE file.
Vulnerability category: OverflowDenial of service
Products affected by CVE-2017-17122
- cpe:2.3:a:gnu:binutils:2.29.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-17122
0.39%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 59 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-17122
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST | |
|
7.8
|
HIGH | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2017-17122
-
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-17122
-
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d785b7d4b877ed465d04072e17ca19d0f47d840f
sourceware.org Git - binutils-gdb.git/commitPatch
-
https://sourceware.org/bugzilla/show_bug.cgi?id=22508
22508 – Heap overflow in dump_relocs_in_sectionExploit;Issue Tracking;Patch;Third Party Advisory
-
https://security.gentoo.org/glsa/201811-17
Binutils: Multiple vulnerabilities (GLSA 201811-17) — Gentoo securityThird Party Advisory
Jump to