CVE-2017-8394
Severity Score
7.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 4 due to NULL pointer dereferencing of _bfd_elf_large_com_section. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash.
La biblioteca Binary File Descriptor (BFD) (también conocida como libbfd), tal como se distribuye en GNU Binutils 2.28, es vulnerable a una lectura no válida de tamaño 4 referenciando a un puntero NULL de _bfd_elf_large_com_section. Esta vulnerabilidad hace que los programas que realizan un análisis de los programas binarios utilizando la biblioteca libbfd, como objcopy, se bloqueen.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2017-05-01 CVE Reserved
- 2017-05-01 CVE Published
- 2023-03-11 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-476: NULL Pointer Dereference
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://sourceware.org/bugzilla/show_bug.cgi?id=21414 | 2017-09-19 |
| URL | Date | SRC |
|---|---|---|
| https://security.gentoo.org/glsa/201709-02 | 2017-09-19 |