Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-17124

The _bfd_coff_read_string_table function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not properly validate the size of the external string table, which allows remote attackers to cause a denial of service (excessive memory consumption, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted COFF binary.

Published

2017-12-04T08:29:00.577

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 7.8 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

6.4

Weaknesses

Type: Primary
CWE-119

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	gnu	binutils	2.29.1	Yes

References

https://security.gentoo.org/glsa/201811-17 ([email protected])
https://sourceware.org/bugzilla/show_bug.cgi?id=22507 Exploit, Issue Tracking ([email protected])
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=b0029dce6867de1a2828293177b0e030d2f0f03c ([email protected])
https://security.gentoo.org/glsa/201811-17 (af854a3a-2127-422b-91ae-364da2661108)
https://sourceware.org/bugzilla/show_bug.cgi?id=22507 Exploit, Issue Tracking (af854a3a-2127-422b-91ae-364da2661108)
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=b0029dce6867de1a2828293177b0e030d2f0f03c (af854a3a-2127-422b-91ae-364da2661108)