| Vulnerability Name: | CVE-2017-14939 (CCN-132996) | ||||||||||||||||||||||||||||||||||||||||
| Assigned: | 2017-09-24 | ||||||||||||||||||||||||||||||||||||||||
| Published: | 2017-09-24 | ||||||||||||||||||||||||||||||||||||||||
| Updated: | 2019-10-03 | ||||||||||||||||||||||||||||||||||||||||
| Summary: | decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles a length calculation, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to read_1_byte. | ||||||||||||||||||||||||||||||||||||||||
| CVSS v3 Severity: | 5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) 5.0 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C)
3.0 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C)
| ||||||||||||||||||||||||||||||||||||||||
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
| ||||||||||||||||||||||||||||||||||||||||
| Vulnerability Type: | CWE-125 | ||||||||||||||||||||||||||||||||||||||||
| Vulnerability Consequences: | Denial of Service | ||||||||||||||||||||||||||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2017-14939 Source: BID Type: UNKNOWN 101216 Source: CCN Type: BID-101216 GNU Binutils CVE-2017-14939 Remote Denial of Service Vulnerability Source: CCN Type: agostino's blog, September 26, 2017 binutils: heap-based buffer overflow in read_1_byte (dwarf2.c) Source: MISC Type: Patch, Third Party Advisory, VDB Entry https://blogs.gentoo.org/ago/2017/09/26/binutils-heap-based-buffer-overflow-in-read_1_byte-dwarf2-c/ Source: XF Type: UNKNOWN gnu-binutils-cve201714939-dos(132996) Source: CCN Type: Packet Storm Security [10-12-2017] binutils 2.29.51.20170921 read_1_byte Heap-Based Buffer Overflow Source: MISC Type: Issue Tracking, Patch, Third Party Advisory https://sourceware.org/bugzilla/show_bug.cgi?id=22169 Source: CCN Type: binutils-gdb.git Repository PR22169, heap-based buffer overflow in read_1_byte Source: MISC Type: Issue Tracking, Patch, Third Party Advisory https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=515f23e63c0074ab531bc954f84ca40c6281a724 Source: EXPLOIT-DB Type: EXPLOIT Offensive Security Exploit Database [10-10-2017] Source: EXPLOIT-DB Type: UNKNOWN 42970 Source: CCN Type: WhiteSource Vulnerability Database CVE-2017-14939 | ||||||||||||||||||||||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||||||||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||
| BACK | |||||||||||||||||||||||||||||||||||||||||