CVE-2017-1000249

Impact:
Important
Public Date:
2017-09-05
CWE:
CWE-121
Bugzilla:
1488053: CVE-2017-1000249 file: Stack-based buffer overflow in do_bid_note()

The MITRE CVE dictionary describes this issue as:

An issue in file() was introduced in commit 9611f31313a93aa036389c5f3b15eea53510d4d1 (Oct 2016) lets an attacker overwrite a fixed 20 bytes stack buffer with a specially crafted .notes section in an ELF binary. This was fixed in commit 35c94dc6acc418f1ad7f6241a6680e5327495793 (Aug 2017).

Find out more about CVE-2017-1000249 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v3 metrics

NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.

CVSS3 Base Score 7.5
CVSS3 Base Metrics CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector Network
Attack Complexity High
Privileges Required None
User Interaction Required
Scope Unchanged
Confidentiality High
Integrity Impact High
Availability Impact High

Affected Packages State

Platform Package State
Red Hat Software Collections for Red Hat Enterprise Linux rh-php70-php Not affected
Red Hat Software Collections for Red Hat Enterprise Linux php55-php Not affected
Red Hat Software Collections for Red Hat Enterprise Linux rh-php56-php Not affected
Red Hat Software Collections for Red Hat Enterprise Linux php54-php Not affected
Red Hat OpenShift Enterprise 3 file Not affected
Red Hat Enterprise Linux 7 php Not affected
Red Hat Enterprise Linux 7 file Not affected
Red Hat Enterprise Linux 6 php Not affected
Red Hat Enterprise Linux 6 file Not affected
Red Hat Enterprise Linux 5 rpm Not affected
Red Hat Enterprise Linux 5 php53 Not affected
Red Hat Enterprise Linux 5 file Not affected
Red Hat Enterprise Linux 5 cdrtools Not affected

Acknowledgements

Red Hat would like to thank Thomas Jarosch (Intra2net AG) for reporting this issue.

Last Modified

CVE description copyright © 2017, The MITRE Corporation

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.