Vulnerability CVE-2017-15023

Vulnerability Name:

CVE-2017-15023 (CCN-133223)

Assigned:

2017-10-04

Published:

2017-10-04

Updated:

2018-01-09

Summary:

read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not properly validate the format count, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename.

CVSS v3 Severity:

5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
4.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

3.3 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
2.9 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

1.7 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

CWE-476

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2017-15023

Source: BID
Type: UNKNOWN
101611

Source: CCN
Type: BID-101611
GNU Binutils CVE-2017-15023 Remote Denial of Service Vulnerability

Source: CCN
Type: agostino's blog, October 3, 2017
binutils: NULL pointer dereference in concat_filename (dwarf2.c)

Source: MISC
Type: Patch, Third Party Advisory, VDB Entry
https://blogs.gentoo.org/ago/2017/10/03/binutils-null-pointer-dereference-in-concat_filename-dwarf2-c/

Source: XF
Type: UNKNOWN
gnu-binutils-cve201715023-dos(133223)

Source: GENTOO
Type: UNKNOWN
GLSA-201801-01

Source: MISC
Type: Issue Tracking, Patch, Third Party Advisory
https://sourceware.org/bugzilla/show_bug.cgi?id=22200

Source: CCN
Type: binutils-gdb.git Repository
PR22200, DWARF5 .debug_line sanity check

Source: MISC
Type: Issue Tracking, Patch, Third Party Advisory
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c361faae8d964db951b7100cada4dcdc983df1bf

Vulnerable Configuration:

Configuration 1:

cpe:/a:gnu:binutils:2.29:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:gnu:binutils:2.29:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:com.ubuntu.xenial:def:2017150230000000	V	CVE-2017-15023 on Ubuntu 16.04 LTS (xenial) - low.	2017-10-05
oval:com.ubuntu.disco:def:2017150230000000	V	CVE-2017-15023 on Ubuntu 19.04 (disco) - low.	2017-10-05
oval:com.ubuntu.bionic:def:2017150230000000	V	CVE-2017-15023 on Ubuntu 18.04 LTS (bionic) - low.	2017-10-05
oval:com.ubuntu.artful:def:201715023000	V	CVE-2017-15023 on Ubuntu 17.10 (artful) - low.	2017-10-04
oval:com.ubuntu.xenial:def:201715023000	V	CVE-2017-15023 on Ubuntu 16.04 LTS (xenial) - low.	2017-10-04
oval:com.ubuntu.bionic:def:201715023000	V	CVE-2017-15023 on Ubuntu 18.04 LTS (bionic) - low.	2017-10-04
oval:com.ubuntu.cosmic:def:2017150230000000	V	CVE-2017-15023 on Ubuntu 18.10 (cosmic) - low.	2017-10-04
oval:com.ubuntu.cosmic:def:201715023000	V	CVE-2017-15023 on Ubuntu 18.10 (cosmic) - low.	2017-10-04
oval:com.ubuntu.trusty:def:201715023000	V	CVE-2017-15023 on Ubuntu 14.04 LTS (trusty) - low.	2017-10-04

BACK