1
Candidate: CVE-2017-7300
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7300
5
https://sourceware.org/bugzilla/show_bug.cgi?id=20909
6
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=531336e3a0b79ed60cfc36ad2d6579b6a71175da
8
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in
9
GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h
10
that is vulnerable to a heap-based buffer over-read (off-by-one) because of
11
an incomplete check for invalid string offsets while loading symbols,
12
leading to a GNU linker (ld) program crash.
17
Discovered-by: Marcel Böhme
21
upstream_binutils: released (2.27.51.20161212-1)
22
precise_binutils: ignored (reached end-of-life)
23
precise/esm_binutils: needed
24
trusty_binutils: needed
25
vivid/stable-phone-overlay_binutils: DNE
26
vivid/ubuntu-core_binutils: DNE
27
xenial_binutils: needed
28
yakkety_binutils: ignored (reached end-of-life)
29
zesty_binutils: not-affected (2.28-1ubuntu1)
30
artful_binutils: not-affected (2.28-1ubuntu1)
31
bionic_binutils: not-affected (2.28-1ubuntu1)
32
devel_binutils: not-affected (2.28-1ubuntu1)