CVE-2017-7302

2017-03-2915:59:00

Google

osv.dev

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.8 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

31.7%

JSON

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a swap_std_reloc_out function in bfd/aoutx.h that is vulnerable to an invalid read (of size 4) because of missing checks for relocs that could not be recognised. This vulnerability causes Binutils utilities like strip to crash.

CPENameOperatorVersion
binutils-gdb.giteqgdb_7_2-branchpoint
binutils-gdb.giteqgdb_6_7-branchpoint
binutils-gdb.giteqreadline_4_0
binutils-gdb.giteqgdb_5_2-branchpoint
binutils-gdb.giteqgdb_5_3-branchpoint
binutils-gdb.giteqgdb_7_0-branchpoint
binutils-gdb.giteqgdb_6_5-branchpoint
binutils-gdb.giteqgdb_7_4-branchpoint
binutils-gdb.giteqgdb-7.8-branchpoint
binutils-gdb.giteqgdb_6_4-branchpoint

Name	Operator	Version
binutils-gdb.git	eq	gdb_7_2-branchpoint
binutils-gdb.git	eq	gdb_6_7-branchpoint
binutils-gdb.git	eq	readline_4_0
binutils-gdb.git	eq	gdb_5_2-branchpoint
binutils-gdb.git	eq	gdb_5_3-branchpoint
binutils-gdb.git	eq	gdb_7_0-branchpoint
binutils-gdb.git	eq	gdb_6_5-branchpoint
binutils-gdb.git	eq	gdb_7_4-branchpoint
binutils-gdb.git	eq	gdb-7.8-branchpoint
binutils-gdb.git	eq	gdb_6_4-branchpoint