CVE-2017-9752

Upstream information

CVE-2017-9752 at MITRE

Description

bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file in the _bfd_vms_get_value and _bfd_vms_slurp_etir functions during "objdump -D" execution.

---

SUSE information

CVSS v2 Scores

	SUSE
Base Score	4.30
Vector	AV:N/AC:M/Au:N/C:N/I:N/A:P
Access Vector	Network
Access Complexity	Medium
Authentication	None
Confidentiality Impact	None
Integrity Impact	None
Availability Impact	Partial

CVSS v3 Scores

	SUSE
Base Score	3.1
Vector	AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
Access Vector	Network
Access Complexity	High
Privileges Required	None
User Interaction	Required
Scope	Unchanged
Confidentiality Impact	None
Integrity Impact	None
Availability Impact	Low

This issue is currently rated as having moderate severity.

SUSE Bugzilla entry: 1044920 [RESOLVED / ]

No SUSE Security Announcements cross referenced.

---

List of planned updates

The following information is the current evaluation information for this security issue. It might neither be accurate nor complete, Use at own risk.

Product(s)

Source package

OpenStack Cloud Magnum Orchestration 7.0 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise SDK 11 SP4 SUSE Linux Enterprise SDK 12 SP2 SUSE Linux Enterprise Server 11 SP3 LTSS SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server 12 GA SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server for SAP 11 SP3 SUSE Linux Enterprise Server for SAP 11 SP4 SUSE Linux Enterprise Server for SAP 12 GA SUSE Linux Enterprise Server for SAP 12 SP1 SUSE Linux Enterprise Server for SAP 12 SP2

binutils