Invalid Read Vulnerability in GNU Binutils 2.28 Leads to GNU Linker Crash

Invalid Read Vulnerability in GNU Binutils 2.28 Leads to GNU Linker Crash

CVE-2017-7299 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:N/A:P

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an invalid read (of size 8) because the code to emit relocs (bfd_elf_final_link function in bfd/elflink.c) does not check the format of the input file before trying to read the ELF reloc section header. The vulnerability leads to a GNU linker (ld) program crash.

Learn more about our Web Application Penetration Testing UK.