Vulnerability Description
coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate the symbol count, which allows remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or possibly have unspecified other impact via a crafted PE file.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnu | Binutils | 2.29.1 |
Related Weaknesses (CWE)
References
- https://security.gentoo.org/glsa/201811-17
- https://sourceware.org/bugzilla/show_bug.cgi?id=22385ExploitIssue TrackingPatch
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=6cee897971d4d7cd37d
- https://security.gentoo.org/glsa/201811-17
- https://sourceware.org/bugzilla/show_bug.cgi?id=22385ExploitIssue TrackingPatch
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=6cee897971d4d7cd37d
FAQ
What is CVE-2017-16831?
CVE-2017-16831 is a vulnerability with a CVSS score of 7.8 (HIGH). coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate the symbol count, which allows remote attackers to cause a denial of servic...
How severe is CVE-2017-16831?
CVE-2017-16831 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-16831?
Check the references section above for vendor advisories and patch information. Affected products include: Gnu Binutils.