CVE-2017-7303

EUVD-2017-16330
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 4) because of missing a check (in the find_link function) for null headers before attempting to match them. This vulnerability causes Binutils utilities like strip to crash.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 60%
Affected Products (NVD)
VendorProductVersion
gnubinutils
2.28
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
binutils
bookworm
2.40-2
fixed
bullseye
2.35.2-2
fixed
jessie
ignored
sid
2.43.1-5
fixed
trixie
2.43.1-5
fixed
wheezy
not-affected
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
binutils
precise
not-affected
trusty
not-affected
xenial
not-affected
yakkety
ignored
zesty
not-affected
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/97213
https://sourceware.org/bugzilla/show_bug.cgi?id=20922
http://www.securityfocus.com/bid/97213
https://sourceware.org/bugzilla/show_bug.cgi?id=20922