7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.2 High
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
64.6%
Issue Overview:
The _bfd_xcoff_read_ar_hdr function in bfd/coff-rs6000.c and bfd/coff64-rs6000.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds stack read via a crafted COFF image file.(CVE-2017-12451)
The evax_bfd_print_emh function in vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file.(CVE-2017-12455)
The setup_group function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a group section that is too small.(CVE-2017-13710)
The nlm_swap_auxiliary_headers_in function in bfd/nlmcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted nlm file.(CVE-2017-12458)
The _bfd_vms_slurp_egsd function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an arbitrary memory read via a crafted vms alpha file.(CVE-2017-12454)
The _bfd_vms_slurp_eeom function in libbfd.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file.(CVE-2017-12453)
The alpha_vms_object_p function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap write and possibly achieve code execution via a crafted vms alpha file.(CVE-2017-12450)
The read_symbol_stabs_debugging_info function in rddbg.c in GNU Binutils 2.29 and earlier allows remote attackers to cause an out of bounds heap read via a crafted binary file.(CVE-2017-12456)
The bfd_mach_o_read_symtab_strtab function in bfd/mach-o.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap write and possibly achieve code execution via a crafted mach-o file.(CVE-2017-12459)
The _bfd_vms_save_sized_string function in vms-misc.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms file.(CVE-2017-12449)
The bfd_make_section_with_flags function in section.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a NULL dereference via a crafted file.(CVE-2017-12457)
The bfd_mach_o_i386_canonicalize_one_reloc function in bfd/mach-o-i386.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted mach-o file.(CVE-2017-12452)
The bfd_cache_close function in bfd/cache.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a heap use after free and possibly achieve code execution via a crafted nested archive file. This issue occurs because incorrect functions are called during an attempt to release memory. The issue can be addressed by better input validation in the bfd_generic_archive_p function in bfd/archive.c.(CVE-2017-12448)
Affected Packages:
binutils
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update binutils to update your system.
New Packages:
aarch64:
binutils-2.29.1-27.amzn2.0.1.aarch64
binutils-devel-2.29.1-27.amzn2.0.1.aarch64
binutils-debuginfo-2.29.1-27.amzn2.0.1.aarch64
i686:
binutils-2.29.1-27.amzn2.0.1.i686
binutils-devel-2.29.1-27.amzn2.0.1.i686
binutils-debuginfo-2.29.1-27.amzn2.0.1.i686
src:
binutils-2.29.1-27.amzn2.0.1.src
x86_64:
binutils-2.29.1-27.amzn2.0.1.x86_64
binutils-devel-2.29.1-27.amzn2.0.1.x86_64
binutils-debuginfo-2.29.1-27.amzn2.0.1.x86_64
Red Hat: CVE-2017-12448, CVE-2017-12449, CVE-2017-12450, CVE-2017-12451, CVE-2017-12452, CVE-2017-12453, CVE-2017-12454, CVE-2017-12455, CVE-2017-12456, CVE-2017-12457, CVE-2017-12458, CVE-2017-12459, CVE-2017-13710
Mitre: CVE-2017-12448, CVE-2017-12449, CVE-2017-12450, CVE-2017-12451, CVE-2017-12452, CVE-2017-12453, CVE-2017-12454, CVE-2017-12455, CVE-2017-12456, CVE-2017-12457, CVE-2017-12458, CVE-2017-12459, CVE-2017-13710
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Amazon Linux | 2 | aarch64 | binutils | < 2.29.1-27.amzn2.0.1 | binutils-2.29.1-27.amzn2.0.1.aarch64.rpm |
Amazon Linux | 2 | aarch64 | binutils-devel | < 2.29.1-27.amzn2.0.1 | binutils-devel-2.29.1-27.amzn2.0.1.aarch64.rpm |
Amazon Linux | 2 | aarch64 | binutils-debuginfo | < 2.29.1-27.amzn2.0.1 | binutils-debuginfo-2.29.1-27.amzn2.0.1.aarch64.rpm |
Amazon Linux | 2 | i686 | binutils | < 2.29.1-27.amzn2.0.1 | binutils-2.29.1-27.amzn2.0.1.i686.rpm |
Amazon Linux | 2 | i686 | binutils-devel | < 2.29.1-27.amzn2.0.1 | binutils-devel-2.29.1-27.amzn2.0.1.i686.rpm |
Amazon Linux | 2 | i686 | binutils-debuginfo | < 2.29.1-27.amzn2.0.1 | binutils-debuginfo-2.29.1-27.amzn2.0.1.i686.rpm |
Amazon Linux | 2 | x86_64 | binutils | < 2.29.1-27.amzn2.0.1 | binutils-2.29.1-27.amzn2.0.1.x86_64.rpm |
Amazon Linux | 2 | x86_64 | binutils-devel | < 2.29.1-27.amzn2.0.1 | binutils-devel-2.29.1-27.amzn2.0.1.x86_64.rpm |
Amazon Linux | 2 | x86_64 | binutils-debuginfo | < 2.29.1-27.amzn2.0.1 | binutils-debuginfo-2.29.1-27.amzn2.0.1.x86_64.rpm |
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.2 High
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
64.6%