Vulnerability Name: | CVE-2017-12451 (CCN-130145) | ||||||||||||||||||||||||||||||||||||||||
Assigned: | 2017-07-19 | ||||||||||||||||||||||||||||||||||||||||
Published: | 2017-07-19 | ||||||||||||||||||||||||||||||||||||||||
Updated: | 2017-08-07 | ||||||||||||||||||||||||||||||||||||||||
Summary: | The _bfd_xcoff_read_ar_hdr function in bfd/coff-rs6000.c and bfd/coff64-rs6000.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds stack read via a crafted COFF image file. | ||||||||||||||||||||||||||||||||||||||||
CVSS v3 Severity: | 7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) 6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
4.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
| ||||||||||||||||||||||||||||||||||||||||
CVSS v2 Severity: | 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
| ||||||||||||||||||||||||||||||||||||||||
Vulnerability Type: | CWE-125 | ||||||||||||||||||||||||||||||||||||||||
Vulnerability Consequences: | Denial of Service | ||||||||||||||||||||||||||||||||||||||||
References: | Source: MITRE Type: CNA CVE-2017-12451 Source: CCN Type: IBM Security Bulletin 2012605 (PureData System for Analytics) Multiple vulnerabilities in Open Source Binutils and Open Source OpenSSL affect IBM Netezza Analytics Source: CCN Type: IBM Security Bulletin 2012609 (PureData System for Analytics) Multiple vulnerabilities in GNU Binutils affect IBM Netezza Platform Software clients. Source: XF Type: UNKNOWN gnu-binutils-cve201712451-dos(130145) Source: CCN Type: Sourceware Bugzilla Bug 21786 Stack-buffer-overflow in {coff,coff64}-rs6000.c Source: MISC Type: Issue Tracking, Patch, Third Party Advisory https://sourceware.org/bugzilla/show_bug.cgi?id=21786 Source: CCN Type: binutils GIT Repository Extend previous fix to coff-rs6000.c to coff64-rs6000.c | ||||||||||||||||||||||||||||||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||||||||||||||||||||||||||||||
Oval Definitions | |||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||
BACK |