9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
binutils is vulnerable to denial of service. A NULL pointer dereference in the bfd_elf_final_link
function allows a remote attacker to crash the application via an int main() {return 0;}
program.
CPE | Name | Operator | Version |
---|---|---|---|
binutils | eq | 2.27__27.base.el7-2.27__34.base.el7 | |
binutils | eq | 2.27__27.base.el7-2.27__34.base.el7 |
blogs.gentoo.org/ago/2017/04/05/binutils-two-null-pointer-dereference-in-elflink-c/
security.gentoo.org/glsa/201709-02
sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=blobdiff;f=bfd/elflink.c;h=9bf75c849bb0eb18572038711d9f94305233055f;hp=776357fe68521ba11a7f443f48e3b93409ae2dc4;hb=ad32986fdf9da1c8748e47b8b45100398223dba8;hpb=db3a1dc7c9404e203c54576db3335e69d995e83e
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P