What is CVE-2017-17124?

CVE-2017-17124 is a high-severity vulnerability in Gnu Binutils, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 7.8/10. Published 2017-12-04.

How severe is CVE-2017-17124?

High severity. CVSS v3 base score is 7.8 out of 10.

Is CVE-2017-17124 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Gnu Binutils

CVE-2017-17124

The _bfd_coff_read_string_table function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not properly validate the size of the external string table, which allows remote at…

Vulnerability class: Buffer Overflow

EPSS: 0.004 (60.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

Affected products

Gnu Binutils — versions 2.29.1
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

Public proof-of-concept exploits

References

cve@mitre.org (x_refsource_MISC)
cve@mitre.org (Exploit, x_refsource_MISC, Issue Tracking)
cve@mitre.org (vendor-advisory, x_refsource_GENTOO)

Frequently asked questions

What is CVE-2017-17124?: CVE-2017-17124 is a high-severity vulnerability in Gnu Binutils, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 7.8/10. Published 2017-12-04.
How severe is CVE-2017-17124?: High severity. CVSS v3 base score is 7.8 out of 10.
Is CVE-2017-17124 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.