CVE-2017-16830

Exploit

EPSS 0.26%
Published 15.11.2017 08:29:00
Last modified 20.04.2025 01:37:25
Source cve@mitre.org
Teams watchlist Login
Open Login

The print_gnu_property_note function in readelf.c in GNU Binutils 2.29.1 does not have integer-overflow protection on 32-bit platforms, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted ELF file.

Affected products Warnungen 0 Metrics 3 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Gnu ≫ Binutils Version2.29.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.26%	0.489

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

https://security.gentoo.org/glsa/201811-17

http://www.securityfocus.com/bid/101941

Third Party Advisory

VDB Entry

https://sourceware.org/bugzilla/show_bug.cgi?id=22384

Patch

Exploit

Issue Tracking

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=6ab2c4ed51f9c4243691755e1b1d2149c6a426f4

https://nvd.nist.gov/vuln/detail/CVE-2017-16830

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-16830

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-16830

EUVD