Candidate: CVE-2017-9955 PublicDate: 2017-06-26 23:29:00 UTC References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9955 Description: The get_build_id function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file in which a certain size field is larger than a corresponding data field, as demonstrated by mishandling within the objdump program. Ubuntu-Description: Notes: sbeattie> PoC in bug report leosilva> fix for this issue causes a serious regression in xenial leosilva> in arm64 and armhf Bugs: https://sourceware.org/bugzilla/show_bug.cgi?id=21665 Priority: low Discovered-by: Assigned-to: CVSS: nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [5.5 MEDIUM] Patches_binutils: upstream: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=cfd14a500e0485374596234de4db10e88ebc7618 upstream: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0630b49c470ca2e3c3f74da4c7e4ff63440dd71f upstream: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1f473e3d0ad285195934e6a077c7ed32afe66437 upstream: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ab27f80c5dceaa23c4ba7f62c0d5d22a5d5dd7a1 upstream: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7211ae501eb0de1044983f2dfb00091a58fbd66c upstream: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ea9aafc41a764e4e2dbb88a7b031e886b481b99a upstream: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=60a02042bacf8d25814430080adda61ed086bca6 upstream: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bae7501e87ab614115d9d3213b4dd18d96e604db upstream_binutils: released (2.29) precise/esm_binutils: ignored (end of ESM support, was needed) trusty_binutils: ignored (reached end-of-life) trusty/esm_binutils: needed vivid/ubuntu-core_binutils: DNE xenial_binutils: ignored (end of standard support, was needed) esm-infra/xenial_binutils: needed yakkety_binutils: ignored (reached end-of-life) zesty_binutils: ignored (reached end-of-life) artful_binutils: not-affected (2.29-1ubuntu1) bionic_binutils: not-affected (2.29-1ubuntu1) cosmic_binutils: not-affected (2.29-1ubuntu1) disco_binutils: not-affected (2.29-1ubuntu1) eoan_binutils: not-affected (2.29-1ubuntu1) focal_binutils: not-affected (2.29-1ubuntu1) groovy_binutils: not-affected (2.29-1ubuntu1) hirsute_binutils: not-affected (2.29-1ubuntu1) impish_binutils: not-affected (2.29-1ubuntu1) jammy_binutils: not-affected (2.29-1ubuntu1) devel_binutils: not-affected (2.29-1ubuntu1)