CVE-2017-7303

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 4) because of missing a check (in the find_link function) for null headers before attempting to match them. This vulnerability causes Binutils utilities like strip to crash.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 36%
VendorProductVersion
gnubinutils
2.28
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
binutils
bullseye
2.35.2-2
fixed
jessie
ignored
wheezy
not-affected
bookworm
2.40-2
fixed
sid
2.43.1-5
fixed
trixie
2.43.1-5
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
binutils
zesty
not-affected
yakkety
ignored
xenial
not-affected
trusty
not-affected
precise
not-affected
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/97213
https://sourceware.org/bugzilla/show_bug.cgi?id=20922
http://www.securityfocus.com/bid/97213
https://sourceware.org/bugzilla/show_bug.cgi?id=20922