CVE-2017-12459
Published: 4 August 2017
The bfd_mach_o_read_symtab_strtab function in bfd/mach-o.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap write and possibly achieve code execution via a crafted mach-o file.
Notes
Author | Note |
---|---|
sbeattie | same commit as CVE-2017-12455 |
Priority
Status
Package | Release | Status |
---|---|---|
binutils Launchpad, Ubuntu, Debian |
artful |
Not vulnerable
(2.29.1-1ubuntu1)
|
bionic |
Not vulnerable
(2.29.1-1ubuntu1)
|
|
cosmic |
Not vulnerable
(2.29.1-1ubuntu1)
|
|
disco |
Not vulnerable
(2.29.1-1ubuntu1)
|
|
eoan |
Not vulnerable
(2.29.1-1ubuntu1)
|
|
focal |
Not vulnerable
(2.29.1-1ubuntu1)
|
|
groovy |
Not vulnerable
(2.29.1-1ubuntu1)
|
|
hirsute |
Not vulnerable
(2.29.1-1ubuntu1)
|
|
impish |
Not vulnerable
(2.29.1-1ubuntu1)
|
|
jammy |
Not vulnerable
(2.29.1-1ubuntu1)
|
|
kinetic |
Not vulnerable
(2.29.1-1ubuntu1)
|
|
lunar |
Not vulnerable
(2.29.1-1ubuntu1)
|
|
mantic |
Not vulnerable
(2.29.1-1ubuntu1)
|
|
trusty |
Needed
|
|
upstream |
Released
(2.29.1)
|
|
xenial |
Released
(2.26.1-1ubuntu1~16.04.8+esm1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
zesty |
Ignored
(end of life)
|
|
Patches: other: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=patch;h=8bdf0be19d2777565a8b1c88347f65d6a4b8c5fc other: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=patch;h=796337aa8ba0aa0397c07c264f82fe8eb9fd46e0 |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.8 |
Attack vector | Local |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |