CVE-2017-12448

Impact:
Moderate
Public Date:
2017-07-19
CWE:
CWE-416
Bugzilla:
1483581: CVE-2017-12448 binutils: heap use after free in bfd_cache_close function

The MITRE CVE dictionary describes this issue as:

The bfd_cache_close function in bfd/cache.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a heap use after free and possibly achieve code execution via a crafted nested archive file. This issue occurs because incorrect functions are called during an attempt to release memory. The issue can be addressed by better input validation in the bfd_generic_archive_p function in bfd/archive.c.

Find out more about CVE-2017-12448 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v3 metrics

NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.

CVSS3 Base Score 7
CVSS3 Base Metrics CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity High
Privileges Required None
User Interaction Required
Scope Unchanged
Confidentiality High
Integrity Impact High
Availability Impact High

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 7 binutils Not affected
Red Hat Enterprise Linux 6 binutils Not affected
Red Hat Enterprise Linux 5 binutils Not affected
Last Modified

CVE description copyright © 2017, The MITRE Corporation