The vulnerability of the `scan_unit_for_symbols` function in the `dwarf2.c` component of the GNU Binutils development environment allows a hacker to trigger a service failure.

🗓️ 14 Nov 2023 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 3 Views

Binutils scan_unit_for_symbols has pointer arithmetic errors enabling remote failure.

Reporter	Title	Published	Views	Family All 57
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in GNU Binutils affect IBM Netezza Platform Software clients.	18 Oct 201903:36	–	ibm
CloudLinux	Fix of CVE: CVE-2017-15022, CVE-2017-9742, CVE-2017-9749, CVE-2017-14940, CVE-2017-15225, CVE-2017-9753, CVE-2017-14130, CVE-2017-14333, CVE-2017-8421, CVE-2017-8398, CVE-2017-12448, CVE-2017-16826, CVE-2017-15938, CVE-2017-16831, CVE-2017-9744, CVE-2017-12455, CVE-2017-15996, CVE-2017-8396, CVE-2017-12451, CVE-2017-7614, CVE-2017-12452, CVE-2017-9748, CVE-2017-7225, CVE-2017-7302, CVE-2017-12449, CVE-2017-12458, CVE-2017-16827, CVE-2017-15939, CVE-2017-7227, CVE-2017-7226, CVE-2017-16828, CVE-2017-17121, CVE-2017-12453, CVE-2017-17080, CVE-2017-17124, CVE-2017-7223, CVE-2017-9747, CVE-2017-12457, CVE-2017-12456, CVE-2017-7299, CVE-2017-7300, CVE-2017-9754, CVE-2017-13710, CVE-2017-12450, CVE-2017-7301, CVE-2017-8394, CVE-2017-12454, CVE-2017-14932, CVE-2017-15020, CVE-2017-17123, CVE-2017-12459, CVE-2017-7224, CVE-2017-17125, CVE-2017-12799, CVE-2017-8393, CVE-2017-14938	24 Nov 202116:19	–	cloudlinux
CloudLinux	Fix of 56 CVEs	6 Dec 202115:16	–	cloudlinux
CNVD	GNU Binutils Denial of Service Vulnerability (CNVD-2017-30067)	30 Sep 201700:00	–	cnvd
CVE	CVE-2017-14940	29 Sep 201718:00	–	cve
Cvelist	CVE-2017-14940	29 Sep 201718:00	–	cvelist
Debian CVE	CVE-2017-14940	29 Sep 201718:00	–	debiancve
Tenable Nessus	EulerOS 2.0 SP5 : binutils (EulerOS-SA-2019-2129)	12 Nov 201900:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP2 : binutils (EulerOS-SA-2019-2450)	4 Dec 201900:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP3 : binutils (EulerOS-SA-2019-2558)	19 Dec 201900:00	–	nessus

Vulners

Node

gnu_general_public_license gnu_binutilsMatch2.29

Source	Link
blogs	www.blogs.gentoo.org/ago/2017/09/26/binutils-null-pointer-dereference-in-scan_unit_for_symbols-dwarf2-c/
nvd	www.nvd.nist.gov/vuln/detail/CVE-2017-14940
security-tracker	www.security-tracker.debian.org/tracker/CVE-2017-14940
sourceware	www.sourceware.org/bugzilla/show_bug.cgi
sourceware	www.sourceware.org/git/gitweb.cgi
wiki	www.wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81
web	www.web.nvd.nist.gov/view/vuln/detail

14 Nov 2023 00:00Current

6.8Medium risk

Vulners AI Score6.8

CVSS 36.5

CVSS 27.8

EPSS0.01938

binutils dwarf scan unit symbols pointer arithmetic remote exploit executable format