First published: Thu May 18 2017
GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to the byte_get_little_endian function in elfcomm.c, the get_unwind_section_word function in readelf.c, and ARM unwind information that contains invalid word offsets.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GNU Binutils | = 2.28 | |
| debian/binutils | 2.35.2-2, 2.40-2, 2.43.1-5 | |

Fix reference: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f32ba72991d2406b21ab17edc234a2f3fa7fb23d
The vulnerability ID is CVE-2017-9038.
The title of this vulnerability is 'GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read ...'.
This vulnerability causes a denial of service (heap-based buffer over-read and application crash).
A remote attacker can trigger it by supplying a crafted ELF file.
GNU Binutils versions 2.26.1-1ubuntu1~16.04.8+ and 2.28-6 are affected.
To fix this vulnerability, update GNU Binutils to version 2.31.1-16, 2.35.2-2, 2.40-2, or 2.41-5.
You can find more information about this vulnerability at the following references: [Reference 1](https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/), [Reference 2](https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f32ba72991d2406b21ab17edc234a2f3fa7fb23d), [Reference 3](http://www.securityfocus.com/bid/98589)