CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
GNU Binutils is used by IBM Netezza Platform Software. IBM Netezza Platform Software has addressed the applicable CVEs.
CVEID: CVE-2017-14129
DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by a heap-based buffer over-read in the read_section function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd). By using a specially-crafted ELF file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 3.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131422 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2017-14130
DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by a heap-based buffer over-read in the _bfd_elf_parse_attributes function in elf-attrs.c in the Binary File Descriptor (BFD) library (aka libbfd). By using a specially-crafted ELF file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 3.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131423 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2017-13710
DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by a NULL pointer dereference in setup_group function in elf.c in the Binary File Descriptor (BFD) library. By using a small group section, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 3.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131063 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2017-14333
DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by an integer overflow in the process_version_sections function in readelf.c. By using a specially-crafted binary file, a local attacker could exploit this vulnerability to cause the system to hang.
CVSS Base Score: 3.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131933 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2017-12448
DESCRIPTION: GNU Binutils could allow a remote attacker to execute arbitrary code on the system, caused by a heap use after free in bfd_cache_close function in bfd/cache.c in the Binary File Descriptor (BFD) library. By using a specially-crafted nested archive file, an attacker could exploit this vulnerability to possibly execute arbitrary code.
CVSS Base Score: 7.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/130146 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID: CVE-2017-12449
DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by an out of bounds heap read in _bfd_vms_save_sized_string function in vms-misc.c in the Binary File Descriptor (BFD) library. By using a specially-crafted vms file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/130137 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2017-12450
DESCRIPTION: GNU Binutils could allow a remote attacker to execute arbitrary code on the system, caused by an out of bounds heap write in alpha_vms_object_p function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library. By using a specially-crafted mach-o file, an attacker could exploit this vulnerability to possibly execute arbitrary code.
CVSS Base Score: 7.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/130136 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID: CVE-2017-12451
DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by an out of bounds stack read in _bfd_xcoff_read_ar_hdr function in bfd/coff-rs6000.c and bfd/coff64-rs6000.c in the Binary File Descriptor (BFD) library. By using a specially-crafted COFF image file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/130145 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2017-12452
DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by an out of bounds heap read in bfd_mach_o_i386_canonicalize_one_reloc function in bfd/mach-o-i386.c in the Binary File Descriptor (BFD) library. By using a specially-crafted mach-o file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/130140 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2017-12453
DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by an out of bounds heap read in _bfd_vms_slurp_eeom function in libbfd.c in the Binary File Descriptor (BFD) library. By using a specially-crafted vms alpha file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/130141 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2017-12454
DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by an arbitrary memory read in _bfd_vms_slurp_egsd function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library. By using a specially-crafted binary file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/130144 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2017-12455
DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by an out of bounds heap read in evax_bfd_print_emh function in vms-alpha.c in the Binary File Descriptor (BFD) library. By using a specially-crafted vms alpha file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/130138 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2017-12456
DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by an out of bounds heap read in read_symbol_stabs_debugging_info function in rddbg.c. By using a specially-crafted binary file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/130142 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2017-12457
DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by a NULL dereference in bfd_make_section_with_flags function in section.c in the Binary File Descriptor (BFD) library. By using a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/130143 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2017-12458
DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by an out of bounds heap read in nlm_swap_auxiliary_headers_in function in bfd/nlmcode.h in the Binary File Descriptor (BFD) library. By using a specially-crafted nlm file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/130139 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2017-12459
DESCRIPTION: GNU Binutils could allow a remote attacker to execute arbitrary code on the system, caused by an out of bounds heap write in the bfd_mach_o_read_symtab_strtab function in bfd/mach-o.c in the Binary File Descriptor (BFD) library. By using a specially-crafted mach-o file, an attacker could exploit this vulnerability to possibly execute arbitrary code.
CVSS Base Score: 7.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/130135 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID: CVE-2017-12799
DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by a buffer overflow in the elf_read_notes function in bfd/elf.c. By using a specially-crafted binary file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 3.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/130303 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2017-12967
DESCRIPTION: GNU Binutils libbfd is vulnerable to a denial of service, caused by stack-based buffer over-read in the getsym function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd). By using a specially crafted malformed tekhex binary, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/130728 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2017-9954
DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by improper bounds checking by the getvalue function in tekhex.c in the Binary File Descriptor (BFD) library. By persuading a victim to open a specially-crafted tekhex file, a remote attacker could overflow a buffer and cause the program to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/127718 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2017-9754
DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by improper bounds checking by the process_otr function in bfd/versados.c in the Binary File Descriptor (BFD) library. By persuading a victim to open a specially-crafted binary file, a remote attacker could overflow a buffer and cause the program to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/127553 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2017-9753
DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by improper bounds checking by the versados_mkobject function in bfd/versados.c in the Binary File Descriptor (BFD) library. By persuading a victim to open a specially-crafted binary file, a remote attacker could overflow a buffer and cause the program to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/127552 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2017-9752
DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by improper bounds checking by bfd/vms-alpha.c in the Binary File Descriptor (BFD) library. By persuading a victim to open a specially-crafted binary file, a remote attacker could overflow a buffer and cause the program to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/127551 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2017-9750
DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by improper bounds checking by the opcodes/rx-decode.opc. By persuading a victim to open a specially-crafted binary file, a remote attacker could overflow a buffer and cause the program to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/127549 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2017-9749
DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by improper bounds checking by the regs macros in opcodes/bfin-dis.c. By persuading a victim to open a specially-crafted binary file, a remote attacker could overflow a buffer and cause the program to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/127548 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2017-9745
DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by improper bounds checking by the _bfd_vms_slurp_etir function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library. By persuading a victim to open a specially-crafted binary file, a remote attacker could overflow a buffer and cause the program to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/127544 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2017-9744
DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by improper bounds checking by the sh_elf_set_mach_from_flags function in bfd/elf32-sh.c in the Binary File Descriptor (BFD) library. By persuading a victim to open a specially-crafted binary file, a remote attacker could overflow a buffer and cause the program to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/127541 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2017-9743
DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by improper bounds checking by the print_insn_score32 function in opcodes/score7-dis.c. By persuading a victim to open a specially-crafted binary file, a remote attacker could overflow a buffer and cause the program to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/127540 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2017-9742
DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by improper bounds checking by the score_opcodes function in opcodes/score7-dis.c. By persuading a victim to open a specially-crafted binary file, a remote attacker could overflow a buffer and cause the program to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/127539 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2017-9748
DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by improper bounds checking by the ieee_object_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library. By persuading a victim to open a specially-crafted binary file, a remote attacker could overflow a buffer and cause the program to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/127547 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2017-9747
DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by improper bounds checking by the ieee_archive_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library. By persuading a victim to open a specially-crafted binary file, a remote attacker could overflow a buffer and cause the program to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/127546 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2014-9939
DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by a stack-based buffer overflow in ihex.c. By using a specially-crafted ihex file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/127317 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2017-7299
DESCRIPTION: Libbfd library for GNU Binutils is vulnerable to a denial of service, caused by an invalid read flaw in the bfd_elf_final_link function in bfd/elflink.c. By using a specially-crafted input file, a remote attacker could exploit this vulnerability to cause GNU linker (ld) program to crash.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/124112 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2017-7227
DESCRIPTION: GNU Binutils is vulnerable to multiple heap-based buffer overflows, caused by improper bounds checking by GNU linker (ld). By using a specially-crafted input script, an attacker could overflow a buffer and cause the program to crash.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/123655 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2017-7224
DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by a flaw in the find_nearest_line function in objdump. By using a specially-crafted binary, an attacker could exploit this vulnerability to cause the program to crash.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/123652 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2017-7223
DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by a global buffer overflow in the GNU assembler. By using EOF characters, an attacker could exploit this vulnerability to cause the program to crash.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/123651 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2017-7210
DESCRIPTION: GNU Binutils is vulnerable to multiple heap-based buffer overflows, caused by improper bounds checking by objdump. By using a specially-crafted object file, an attacker could overflow a buffer and cause the program to crash.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/123537 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVEID: CVE-2017-6966
DESCRIPTION: GNU Binutils is vulnerable to a buffer overflow, caused by a use-after-free flaw in the MSP430 binary. By persuading a victim to open a specially-crafted file, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/123388 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)
CVEID: CVE-2017-7226
DESCRIPTION: GNU Binutils is vulnerable to multiple heap-based buffer overflows, caused by improper bounds checking by pe_ILF_object_p function in the Binary File Descriptor (BFD) library. By using a specially-crafted file, an attacker could overflow a buffer and cause the program to crash and potentially obtain sensitive information.
CVSS Base Score: 6.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/123654 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H)
CVEID: CVE-2017-7225
DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by a NULL pointer dereference in the find_nearest_line function in addr2line. By using a specially-crafted binary, an attacker could exploit this vulnerability to cause the program to crash.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/123653 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2017-9042
DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by a flaw in readelf.c. By using a specially-crafted ELF file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/126190 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2017-9040
DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by a NULL pointer dereference in the process_mips_specific function in readelf.c. By using a specially-crafted ELF file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/126192 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2017-9039
DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by a memory consumption in the get_program_headers function in readelf.c. By using a specially-crafted ELF file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/126193 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2017-8421
DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by a memory leak in the coff_set_alignment_hook function in coffcode.h. By persuading a victim to open a specially-crafted PE file, a remote attacker could exploit this vulnerability to cause memory exhaustion in objdump.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/125745 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2017-8398
DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by an invalid read of size 1 error in dwarf.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/125533 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
Product | VRMF | Remediation/First Fix
---|---|---
IBM Netezza Platform Software | 7.2.1.5-P2 | Link to Fix Central
None
CPE
Name | Operator | Version
---|---|---
ibm puredata system | eq | 1.0.0