Bug 1070764 - (CVE-2017-17080) VUL-0: CVE-2017-17080: binutils: elf.c in the libbfd, as distributed in GNU Binutils does not validate sizes of core notes, which allows remote attackers to cause a denial of service
Status: RESOLVED WONTFIX
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium
Severity: Normal
Assigned To: Michael Matz
Security Team bot
https://smash.suse.de/issue/196003/
CVSSv3:RedHat:CVE-2017-17080:3.3:(AV:...
Reported: 2017-12-01 10:59 UTC by Victor Pereira
Modified: 2020-04-01 17:01 UTC (History)
Found By: Security Response Team
Description Victor Pereira 2017-12-01 10:59:13 UTC
CVE-2017-17080

elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed
in GNU Binutils 2.29.1, does not validate sizes of core notes, which allows
remote attackers to cause a denial of service (bfd_getl32 heap-based buffer
over-read and application crash) via a crafted object file, related to
elfcore_grok_netbsd_procinfo, elfcore_grok_openbsd_procinfo, and
elfcore_grok_nto_status.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17080
http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17080.html
http://www.cvedetails.com/cve/CVE-2017-17080/
https://sourceware.org/bugzilla/show_bug.cgi?id=22421
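
The kind of size check the description says is missing, as an added example that is not binutils code and not part of the original report: a bounds-checked 32-bit little-endian read from a core note descriptor, used by a handler that rejects a truncated note instead of reading past it. The field offset, the function names other than bfd_getl32, and the sample bytes are assumptions constructed for illustration, not the real NetBSD, OpenBSD or QNX note layouts.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed offset of a 32-bit signal field; NOT the real procinfo layout. */
#define SIG_OFFSET 8u

/* Constructed sample descriptor: 8 filler bytes, then signal 11 (LE). */
static const uint8_t SAMPLE_DESC[12] = {
    0, 0, 0, 0, 0, 0, 0, 0, 0x0b, 0x00, 0x00, 0x00
};

/* Unchecked decode, like bfd_getl32: the caller must guarantee p[0..3]
   lies inside the buffer. */
static uint32_t get_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Checked read of a 32-bit field at `off` in a descriptor of `descsz`
   bytes. Returns the value, or -1 if the field does not fit. The test is
   written as `off > descsz - 4` so a huge `off` cannot wrap around. */
int64_t note_le32(const uint8_t *desc, size_t descsz, size_t off)
{
    if (desc == NULL || descsz < 4 || off > descsz - 4)
        return -1;
    return (int64_t)get_le32(desc + off);
}

/* Hypothetical note handler: validates the size before touching the field,
   so a truncated note is rejected instead of over-read. */
int64_t grok_procinfo_sig(const uint8_t *desc, size_t descsz)
{
    return note_le32(desc, descsz, SIG_OFFSET);
}

int main(void)
{
    printf("full note:      %lld\n",
           (long long)grok_procinfo_sig(SAMPLE_DESC, sizeof SAMPLE_DESC));
    printf("truncated note: %lld\n",
           (long long)grok_procinfo_sig(SAMPLE_DESC, 10));
    return 0;
}
```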
Comment 1 Johannes Segitz 2018-06-20 07:19:59 UTC
SUSE will not provide a fix for this issue since the risk to our customers posed by it is negligible.