Home > Vulnerability Database > CVE-2017-7226

Mend.io Vulnerability Database

CVE-2017-7226

Date: March 22, 2017

The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a heap-based buffer over-read of size 4049 because it uses the strlen function instead of strnlen, leading to program crashes in several utilities such as addr2line, size, and strings. It could lead to information disclosure as well.

Language: C

Severity Score

9.1

Related Resources (5)

Url: https://sourceware.org/bugzilla/show_bug.cgi?id=20905

Url: https://nvd.nist.gov/vuln/detail/CVE-2017-7226

Url: https://access.redhat.com/security/cve/CVE-2017-7226

Url: https://security-tracker.debian.org/tracker/CVE-2017-7226

Url: https://www.mend.io/vulnerability-database/CVE-2017-7226

Severity Score

9.1

Weakness Type (CWE)

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-119

Out-of-bounds Read

CWE-125

CVSS v3.1

Base Score:	9.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	HIGH

CVSS v2

Base Score:	6.4
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2017-7226

Date: March 22, 2017

Language: C

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?