CVE-2017-17080 in Ubuntu

CVE-2017-17080

Priority

Description

elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as
distributed in GNU Binutils 2.29.1, does not validate sizes of core notes,
which allows remote attackers to cause a denial of service (bfd_getl32
heap-based buffer over-read and application crash) via a crafted object
file, related to elfcore_grok_netbsd_procinfo,
elfcore_grok_openbsd_procinfo, and elfcore_grok_nto_status.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17080

Bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=22421

Notes

Package

Source: binutils (LP Ubuntu Debian)

Upstream:	released (2.29.90.20180122-1)
Ubuntu 12.04 ESM (Precise Pangolin):	needs-triage
Ubuntu 14.04 ESM (Trusty Tahr):	needs-triage
Ubuntu 16.04 LTS (Xenial Xerus):	needed
Ubuntu 18.04 LTS (Bionic Beaver):	not-affected (2.30-21ubuntu1~18.04.1)
Ubuntu 19.04 (Disco Dingo):	not-affected (2.32-7ubuntu4)
Ubuntu 19.10 (Eoan Ermine):	not-affected (2.32-8ubuntu1)
Ubuntu 20.04 (Focal Fossa):	not-affected (2.32-8ubuntu1)

Patches:

Upstream:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=80a0437873045cc08753fcac4af154e2931a99fd

More Information

Updated: 2019-12-05 19:46:37 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)