Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2017-7226

Опубликовано: 22 мар. 2017
Источник: ubuntu
Приоритет: low
EPSS Низкий
CVSS2: 6.4
CVSS3: 9.1

Описание

The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a heap-based buffer over-read of size 4049 because it uses the strlen function instead of strnlen, leading to program crashes in several utilities such as addr2line, size, and strings. It could lead to information disclosure as well.

РелизСтатусПримечание
artful

ignored

end of life
bionic

not-affected

2.30-21ubuntu1~18.04.1
cosmic

not-affected

2.31.1-6ubuntu1.1
devel

not-affected

2.32-8ubuntu1
disco

not-affected

2.32-7ubuntu4
eoan

not-affected

2.32-8ubuntu1
esm-infra-legacy/trusty

needed

esm-infra/bionic

not-affected

2.30-21ubuntu1~18.04.1
esm-infra/focal

not-affected

2.32-8ubuntu1
esm-infra/xenial

released

2.26.1-1ubuntu1~16.04.8+esm1

Показывать по

Ссылки на источники

EPSS

Процентиль: 59%
0.00379
Низкий

6.4 Medium

CVSS2

9.1 Critical

CVSS3

Связанные уязвимости

redhat логотип

CVE-2017-7226

CVSS3: 4.4
redhat
около 9 лет назад

The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a heap-based buffer over-read of size 4049 because it uses the strlen function instead of strnlen, leading to program crashes in several utilities such as addr2line, size, and strings. It could lead to information disclosure as well.

nvd логотип

CVE-2017-7226

CVSS3: 9.1
nvd
почти 9 лет назад

The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a heap-based buffer over-read of size 4049 because it uses the strlen function instead of strnlen, leading to program crashes in several utilities such as addr2line, size, and strings. It could lead to information disclosure as well.

debian логотип

CVE-2017-7226

CVSS3: 9.1
debian
почти 9 лет назад

The pe_ILF_object_p function in the Binary File Descriptor (BFD) libra ...

github логотип

GHSA-gfmx-5h2c-grrx

CVSS3: 9.1
github
больше 3 лет назад

The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a heap-based buffer over-read of size 4049 because it uses the strlen function instead of strnlen, leading to program crashes in several utilities such as addr2line, size, and strings. It could lead to information disclosure as well.

suse-cvrf логотип

openSUSE-SU-2018:3223-1

suse-cvrf
больше 7 лет назад

Security update for binutils

EPSS

Процентиль: 59%
0.00379
Низкий

6.4 Medium

CVSS2

9.1 Critical

CVSS3