The vulnerability of the `bfd_mach_o_read_symtab_strtab` function in the `bfd/mach-o.c` component of the GNU Binutils development environment allows a attacker to access confidential data, compromise its integrity, and cause service failures.

🗓️ 14 Nov 2023 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

The bfd_mach_o_read_symtab_strtab function in bfd/mach-o.c is vulnerable to buffer overflow risking data exposure, integrity loss, or service disruption.

Reporter	Title	Published	Views	Family All 39
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Open Source Binutils and Open Source OpenSSL affect IBM Netezza Analytics	18 Oct 201903:10	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in GNU Binutils affect IBM Netezza Platform Software clients.	18 Oct 201903:10	–	ibm
Tenable Nessus	Amazon Linux 2 : binutils (ALAS-2019-1185)	29 Mar 201900:00	–	nessus
Tenable Nessus	Photon OS 3.0: Crash PHSA-2023-3.0-0601	24 Jul 202400:00	–	nessus
Tenable Nessus	Photon OS 4.0: Crash PHSA-2023-4.0-0414	23 Jul 202400:00	–	nessus
Tenable Nessus	Ubuntu 16.04 ESM : GNU binutils vulnerabilities (USN-4336-2)	21 Jul 202100:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2017-12459	30 Aug 202500:00	–	nessus
Amazon	Medium: binutils	21 Mar 201900:00	–	amazon
CloudLinux	Fix of CVE: CVE-2017-15022, CVE-2017-9742, CVE-2017-9749, CVE-2017-14940, CVE-2017-15225, CVE-2017-9753, CVE-2017-14130, CVE-2017-14333, CVE-2017-8421, CVE-2017-8398, CVE-2017-12448, CVE-2017-16826, CVE-2017-15938, CVE-2017-16831, CVE-2017-9744, CVE-2017-12455, CVE-2017-15996, CVE-2017-8396, CVE-2017-12451, CVE-2017-7614, CVE-2017-12452, CVE-2017-9748, CVE-2017-7225, CVE-2017-7302, CVE-2017-12449, CVE-2017-12458, CVE-2017-16827, CVE-2017-15939, CVE-2017-7227, CVE-2017-7226, CVE-2017-16828, CVE-2017-17121, CVE-2017-12453, CVE-2017-17080, CVE-2017-17124, CVE-2017-7223, CVE-2017-9747, CVE-2017-12457, CVE-2017-12456, CVE-2017-7299, CVE-2017-7300, CVE-2017-9754, CVE-2017-13710, CVE-2017-12450, CVE-2017-7301, CVE-2017-8394, CVE-2017-12454, CVE-2017-14932, CVE-2017-15020, CVE-2017-17123, CVE-2017-12459, CVE-2017-7224, CVE-2017-17125, CVE-2017-12799, CVE-2017-8393, CVE-2017-14938	24 Nov 202116:19	–	cloudlinux
CloudLinux	Fix of 56 CVEs	6 Dec 202115:16	–	cloudlinux

Vulners

Node

gnu_general_public_license gnu_binutilsRange≤2.29

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2017-12459
security-tracker	www.security-tracker.debian.org/tracker/CVE-2017-12459
sourceware	www.sourceware.org/bugzilla/show_bug.cgi
sourceware	www.sourceware.org/git/gitweb.cgi
wiki	www.wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81
web	www.web.nvd.nist.gov/view/vuln/detail

14 Nov 2023 00:00Current

7.8High risk

Vulners AI Score7.8

CVSS 38.8

CVSS 210

EPSS0.00421

buffer overflow data exposure integrity loss service disruption binutils project mach o reader