CVE-2017-14729: Buffer Overflow
First published: Mon Sep 25 2017(Updated: )
The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, do not ensure a unique PLT entry for a symbol, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ubuntu/binutils | =2.29 |
Remedy
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=56933f9e3e90eebf1018ed7417d6c1184b91db6b
Remedy
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=61e3bf5f83f7e505b6bc51ef65426e5b31e6e360
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://blogs.gentoo.org/ago/2017/09/25/binutils-heap-based-buffer-overflow-in-_bfd_x86_elf_get_synthetic_symtab-elfxx-x86-c/
- https://sourceware.org/bugzilla/show_bug.cgi?id=22170
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=56933f9e3e90eebf1018ed7417d6c1184b91db6b
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=61e3bf5f83f7e505b6bc51ef65426e5b31e6e360
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=61e3bf5f83f7e505b6bc51ef65426e5b31e6e360
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=56933f9e3e90eebf1018ed7417d6c1184b91db6b
Frequently Asked Questions
What is the severity of CVE-2017-14729?
CVE-2017-14729 has been classified with a medium severity due to its potential for denial of service and application crash.
How do I fix CVE-2017-14729?
To fix CVE-2017-14729, upgrade to a later version of GNU Binutils that addresses this vulnerability.
What systems are impacted by CVE-2017-14729?
CVE-2017-14729 affects GNU Binutils version 2.29.
What type of exploitation may occur due to CVE-2017-14729?
Exploitation of CVE-2017-14729 may lead to a heap-based buffer overflow, resulting in application crashes.
Is CVE-2017-14729 a local or remote vulnerability?
CVE-2017-14729 is considered a remote vulnerability as it can be exploited by remote attackers.
- agent/type
- agent/remedy
- agent/softwarecombine
- agent/author
- agent/severity
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/weakness
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/gnu
- canonical/ubuntu/binutils
- version/ubuntu/binutils/2.29