Bugzilla – Bug 1044867
VUL-0: CVE-2017-9742: binutils: DoS in score_opcodes function in opcodes/score7-dis.c
Last modified: 2018-06-15 14:37:05 UTC
CVE-2017-9742

The score_opcodes function in opcodes/score7-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9742
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9742
https://sourceware.org/bugzilla/show_bug.cgi?id=21576
Upstream Fix: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e64519d1ed7fd8f990f05a5562d5b5c0c44b7d7e
The reproducer at https://sourceware.org/bugzilla/show_bug.cgi?id=21576 is not working on SLE or openSUSE systems.

#> objdump -D testcase.cve-2017-9742
testcase.cve-2017-9742: file format elf32-little
objdump: can't disassemble for architecture UNKNOWN!
We do not enable the SCORE architecture in our binutils build.
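
The check behind the comments above, as an added example that is not part of the original bug report: it reads `objdump --help` text and reports whether any SCORE target or architecture is compiled into the build. It assumes the help text ends with "supported targets:" and "supported architectures:" lines and that SCORE entries contain the string "score"; the sample texts are constructed.

```shell
#!/bin/sh
# Added example: is the SCORE disassembler (opcodes/score7-dis.c) reachable
# in this binutils build? Decided from the text of `objdump --help`.

# score_entries: read `objdump --help` output on stdin and print every entry
# of the "supported targets/architectures" lines that names SCORE.
score_entries() {
    grep -E 'supported (targets|architectures):' \
        | sed -e 's/^.*supported [a-z]*: *//' \
        | tr -s ' ' '\n' \
        | grep -i 'score' \
        | sort -u
}

# score_status: print "present" if any SCORE entry is listed, else "absent".
score_status() {
    if [ -n "$(score_entries)" ]; then echo present; else echo absent; fi
}

# Constructed sample: a build without SCORE, as the comment above describes.
sample_without_score() {
    cat <<'EOF'
objdump: supported targets: elf64-x86-64 elf32-i386 elf64-little elf32-little binary
objdump: supported architectures: i386 i386:x86-64 iamcu
EOF
}

# Constructed sample: a build configured with the SCORE targets enabled.
sample_with_score() {
    cat <<'EOF'
objdump: supported targets: elf32-bigscore elf32-littlescore elf32-little binary
objdump: supported architectures: score7 score3
EOF
}

echo "sample without SCORE: $(sample_without_score | score_status)"
echo "sample with SCORE:    $(sample_with_score | score_status)"

# Check the locally installed objdump, if there is one.
if command -v objdump >/dev/null 2>&1; then
    echo "local objdump:        $(objdump --help 2>/dev/null | score_status)"
fi
```

A result of "absent" matches the behaviour shown above, where objdump falls back to the generic elf32-little format and refuses to disassemble.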