First published: Wed Mar 22 2017(Updated: )
GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based buffer overflow while processing a bogus input script, leading to a program crash. This relates to lack of '\0' termination of a name field in ldlex.l.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
GNU Binutils | =2.28 | |
debian/binutils | 2.35.2-2 2.40-2 2.43.50.20241215-1 2.43.50.20241221-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2017-7227 is high.
The vulnerability in CVE-2017-7227 occurs due to a heap-based buffer overflow while processing a bogus input script.
The vulnerability in CVE-2017-7227 can lead to a program crash.
To fix the vulnerability in CVE-2017-7227, update the affected GNU Binutils package to version 2.26.1-1ubuntu1~16.04.8+ or later.
You can find more information about CVE-2017-7227 at the following references: [sourceware.org](https://sourceware.org/bugzilla/show_bug.cgi?id=20906), [securityfocus.com](http://www.securityfocus.com/bid/97209), [security.gentoo.org](https://security.gentoo.org/glsa/201801-01).