CVE-2017-17080

Priority
Description
elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as
distributed in GNU Binutils 2.29.1, does not validate sizes of core notes,
which allows remote attackers to cause a denial of service (bfd_getl32
heap-based buffer over-read and application crash) via a crafted object
file, related to elfcore_grok_netbsd_procinfo,
elfcore_grok_openbsd_procinfo, and elfcore_grok_nto_status.
Notes
Package
Upstream: released (2.29.90.20180122-1)
Ubuntu 12.04 ESM (Precise Pangolin): needs-triage
Ubuntu 14.04 ESM (Trusty Tahr): needs-triage
Ubuntu 16.04 LTS (Xenial Xerus): needed
Ubuntu 18.04 LTS (Bionic Beaver): not-affected (2.30-21ubuntu1~18.04.1)
Ubuntu 19.04 (Disco Dingo): not-affected (2.32-7ubuntu4)
Ubuntu 19.10 (Eoan Ermine): not-affected (2.32-8ubuntu1)
Ubuntu 20.04 (Focal Fossa): not-affected (2.32-8ubuntu1)
Patches:
Upstream: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=80a0437873045cc08753fcac4af154e2931a99fd
More Information

Updated: 2019-12-05 19:46:37 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)