CVE-2017-14939
binutils 2.29.51.20170921 - 'read_1_byte' Heap Buffer Overflow
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles a length calculation, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to read_1_byte.
decode_line_info en dwarf2.c en la biblioteca Binary File Descriptor (BFD), conocida como libbfd, tal y como se distribuye en GNU Binutils 2.29 y anteriores, gestiona de manera incorrecta un cálculo de longitud, lo que permite a atacantes remotos provocar una denegación de servicio (sobrelectura de búfer basado en pila y bloqueo de aplicación) mediante un archivo ELF manipulado, relacionado con read_1_byte.
binutils version 2.29.51.20170921 suffers from a read_1_byte heap-based buffer overflow vulnerability.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-09-29 CVE Reserved
- 2017-09-29 CVE Published
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- 2024-11-21 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-125: Out-of-bounds Read
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/101216 | Vdb Entry | |
| https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=515f23e63c0074ab531bc954f84ca40c6281a724 | X_refsource_misc |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/42970 | 2024-08-05 |
| URL | Date | SRC |
|---|---|---|
| https://blogs.gentoo.org/ago/2017/09/26/binutils-heap-based-buffer-overflow-in-read_1_byte-dwarf2-c | 2023-11-07 | |
| https://sourceware.org/bugzilla/show_bug.cgi?id=22169 | 2023-11-07 |
| URL | Date | SRC |
|---|