Vulnerability Name: CVE-2017-12459 (CCN-130135)
Assigned: 2017-07-26
Published: 2017-07-26
Updated: 2017-08-07
Summary: The bfd_mach_o_read_symtab_strtab function in bfd/mach-o.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap write and possibly achieve code execution via a crafted mach-o file.
CVSS v3 Severity:
  7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
  6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
  6.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
CVSS v2 Severity:
  6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
Vulnerability Type: CWE-787
Vulnerability Consequences: Gain Access
References:
  Source: MITRE; Type: CNA; CVE-2017-12459
  Source: CCN; Type: IBM Security Bulletin 2012605 (PureData System for Analytics); Multiple vulnerabilities in Open Source Binutils and Open Source OpenSSL affect IBM Netezza Analytics
  Source: CCN; Type: IBM Security Bulletin 2012609 (PureData System for Analytics); Multiple vulnerabilities in GNU Binutils affect IBM Netezza Platform Software clients.
  Source: XF; Type: UNKNOWN; gnu-binutils-cve201712459-code-exec(130135)
  Source: CCN; Type: Sourceware Bugzilla Bug 21840; Undefined behavior round 3
  Source: MISC; Type: Issue Tracking, Patch, Third Party Advisory; https://sourceware.org/bugzilla/show_bug.cgi?id=21840
  Source: CCN; Type: binutils GIT Repository; Fix address violation issues encountered when parsing corrupt binaries.
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable