Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2017-15023

Опубликовано: 05 окт. 2017
Источник: debian

Описание

read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not properly validate the format count, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
binutilsfixed2.29.51.20171128-1experimentalpackage
binutilsfixed2.29.90.20180122-1package
binutilsignoredstretchpackage
binutilsignoredjessiepackage
binutilsignoredwheezypackage

Примечания

  • https://blogs.gentoo.org/ago/2017/10/03/binutils-null-pointer-dereference-in-concat_filename-dwarf2-c/

  • https://sourceware.org/bugzilla/show_bug.cgi?id=22200

  • https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c361faae8d964db951b7100cada4dcdc983df1bf

  • When this issue is fixed it is to make sure to not open CVE-2017-15939, i.e.

  • not to apply the incomplete fix. See notes on CVE-2017-15939

Связанные уязвимости

ubuntu логотип

CVE-2017-15023

CVSS3: 5.5
ubuntu
больше 8 лет назад

read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not properly validate the format count, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename.

redhat логотип

CVE-2017-15023

CVSS3: 3.3
redhat
больше 8 лет назад

read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not properly validate the format count, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename.

nvd логотип

CVE-2017-15023

CVSS3: 5.5
nvd
больше 8 лет назад

read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not properly validate the format count, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename.

github логотип

GHSA-v237-vcgw-685x

CVSS3: 5.5
github
больше 3 лет назад

read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not properly validate the format count, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename.

fstec логотип

BDU:2023-07761

CVSS3: 6.5
fstec
больше 8 лет назад

Уязвимость функции read_formatted_entries компонента dwarf2.c программного средства разработки GNU Binutils, позволяющая нарушителю вызвать отказ в обслуживании