CVE-2017-7302

Source
https://cve.org/CVERecord?id=CVE-2017-7302
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-7302.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-7302
Downstream
Related
Published
2017-03-29T15:59:00.257Z
Modified
2026-07-08T12:28:16.285388Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a swapstdreloc_out function in bfd/aoutx.h that is vulnerable to an invalid read (of size 4) because of missing checks for relocs that could not be recognised. This vulnerability causes Binutils utilities like strip to crash.

References

Affected packages

Git / sourceware.org/git/binutils-gdb.git

Affected ranges

Type
GIT
Repo
https://sourceware.org/git/binutils-gdb.git
Events
Introduced
7fa393306ed8b93019d225548474c0540b8928f7
Last affected
7fa393306ed8b93019d225548474c0540b8928f7
Database specific
{
    "source": "CPE_STRING",
    "cpe": "cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "2.28"
        },
        {
            "last_affected": "2.28"
        }
    ]
}

Affected versions

2.*
2.28
Other
binutils-2_28

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-7302.json"