Lucene search

[email protected]CVE-2017-13716

HistoryAug 28, 2017 - 9:29 p.m.

CVE-2017-13716

2017-08-2821:29:00

CWE-770

[email protected]

web.nvd.nist.gov

c++

symbol demangler

libiberty

gnu binutils

cve-2017-13716

denial of service

remote attackers

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

5.7 Medium

AI Score

Confidence

High

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

0.001 Low

EPSS

Percentile

32.1%

JSON

The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).

CPENameOperatorVersion
gnu:binutilsgnu binutilseq2.29

CPE	Name	Operator	Version
gnu:binutils	gnu binutils	eq	2.29

References

sourceware.org/bugzilla/show_bug.cgi?id=22009

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

5.7 Medium

AI Score

Confidence

High

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

0.001 Low

EPSS

Percentile

32.1%

JSON

Related for CVE-2017-13716

prion1 redhatcve1 cvelist1 osv1 debiancve1 ubuntucve1 openvas2 photon4 nessus5 kitploit1 mageia1