CVE-2017-7223 — HIGH (7.5) — White Hats Nepal

Vulnerability Description

GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream, potentially leading to a program crash.

CVSS Score

7.5

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Gnu	Binutils	2.28

Related Weaknesses (CWE)

CWE-119

References

https://security.gentoo.org/glsa/201801-01
https://sourceware.org/bugzilla/show_bug.cgi?id=20898Issue TrackingPatch
https://security.gentoo.org/glsa/201801-01
https://sourceware.org/bugzilla/show_bug.cgi?id=20898Issue TrackingPatch

FAQ

What is CVE-2017-7223?

CVE-2017-7223 is a vulnerability with a CVSS score of 7.5 (HIGH). GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream, potentially leading to a program crash.

How severe is CVE-2017-7223?

CVE-2017-7223 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-7223?

Check the references section above for vendor advisories and patch information. Affected products include: Gnu Binutils.