CVE-2017-17126

EUVD-2017-8292
The load_debug_section function in readelf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via an ELF file that lacks section headers.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 58%
Affected Products (NVD)
VendorProductVersion
gnubinutils
2.29.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
binutils
bookworm
2.40-2
fixed
bullseye
2.35.2-2
fixed
jessie
ignored
sid
2.43.1-5
fixed
stretch
ignored
trixie
2.43.1-5
fixed
wheezy
ignored
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
binutils
artful
ignored
bionic
not-affected
cosmic
not-affected
disco
not-affected
eoan
not-affected
trusty
not-affected
xenial
not-affected
zesty
ignored
Common Weakness Enumeration
References
https://security.gentoo.org/glsa/201811-17
https://sourceware.org/bugzilla/show_bug.cgi?id=22510
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=f425ec6600b69e39eb605f3128806ff688137ea8
https://security.gentoo.org/glsa/201811-17
https://sourceware.org/bugzilla/show_bug.cgi?id=22510
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=f425ec6600b69e39eb605f3128806ff688137ea8