The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2017-16828 | The display_debug_frames function in dwarf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (integer overflow and heap-based buffer over-read, and application crash) or possibly have unspecified other impact via a crafted ELF file, related to print_debug_frame. | MEDIUM | Nov 15, 2017 | 10.17.41.8 (Wind River Linux LTS 17) |
| CVE-2017-16829 | The _bfd_elf_parse_gnu_properties function in elf-properties.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not prevent negative pointers, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted ELF file. | MEDIUM | Nov 15, 2017 | 10.17.41.8 (Wind River Linux LTS 17) |
| CVE-2017-16830 | The print_gnu_property_note function in readelf.c in GNU Binutils 2.29.1 does not have integer-overflow protection on 32-bit platforms, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted ELF file. | MEDIUM | Nov 15, 2017 | 10.17.41.8 (Wind River Linux LTS 17) |
| CVE-2017-16831 | coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate the symbol count, which allows remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or possibly have unspecified other impact via a crafted PE file. | MEDIUM | Nov 15, 2017 | 10.17.41.8 (Wind River Linux LTS 17) |
| CVE-2017-16832 | The pe_bfd_read_buildid function in peicode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate size and offset values in the data dictionary, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted PE file. | MEDIUM | Nov 15, 2017 | 10.17.41.8 (Wind River Linux LTS 17) |
| CVE-2017-16932 | parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities. | MEDIUM | Nov 23, 2017 | 10.17.41.4 (Wind River Linux LTS 17) |
| CVE-2017-1000255 | On Linux running on PowerPC hardware (Power8 or later) a user process can craft a signal frame and then do a sigreturn so that the kernel will take an exception (interrupt), and use the r1 value *from the signal frame* as the kernel stack pointer. As part of the exception entry the content of the signal frame is written to the kernel stack, allowing an attacker to overwrite arbitrary locations with arbitrary values. The exception handling does produce an oops, and a panic if panic_on_oops=1, but only after kernel memory has been over written. This flaw was introduced in commit: 5d176f751ee3 (powerpc: tm: Enable transactional memory (TM) lazily for userspace) which was merged upstream into v4.9-rc1. Please note that kernels built with CONFIG_PPC_TRANSACTIONAL_MEM=n are not vulnerable. | MEDIUM | Oct 31, 2017 | 10.17.41.4 (Wind River Linux LTS 17) |
| CVE-2017-1000257 | An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that (non-existing) data with a pointer and the size (zero) to the deliver-data function. libcurl\'s deliver-data function treats zero as a magic number and invokes strlen() on the data to figure out the length. The strlen() is called on a heap based buffer that might not be zero terminated so libcurl might read beyond the end of it into whatever memory lies after (or just crash) and then deliver that to the application as if it was actually downloaded. | MEDIUM | Nov 5, 2017 | 10.17.41.3 (Wind River Linux LTS 17) |
| CVE-2017-12150 | It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce SMB signing when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text. | MEDIUM | Nov 8, 2017 | 10.17.41.4 (Wind River Linux LTS 17) |
| CVE-2017-12151 | A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack. | MEDIUM | Nov 8, 2017 | 10.17.41.4 (Wind River Linux LTS 17) |
| CVE-2017-12163 | An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker. | MEDIUM | Nov 8, 2017 | 10.17.41.4 (Wind River Linux LTS 17) |
| CVE-2017-15306 | The kvm_vm_ioctl_check_extension function in arch/powerpc/kvm/powerpc.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) via a KVM_CHECK_EXTENSION KVM_CAP_PPC_HTM ioctl call to /dev/kvm. | MEDIUM | Nov 6, 2017 | 10.17.41.3 (Wind River Linux LTS 17) |
| CVE-2017-15672 | The read_header function in libavcodec/ffv1dec.c in FFmpeg 3.3.4 and earlier allows remote attackers to have unspecified impact via a crafted MP4 file, which triggers an out-of-bounds read. | MEDIUM | Nov 6, 2017 | 10.17.41.4 (Wind River Linux LTS 17) |
| CVE-2017-15996 | elfcomm.c in readelf in GNU Binutils 2.29 allows remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified other impact via a crafted ELF file that triggers a buffer overflow on fuzzed archive header, related to an uninitialized variable, an improper conditional jump, and the get_archive_member_name, process_archive_index_and_symbols, and setup_archive functions. | MEDIUM | Nov 1, 2017 | 10.17.41.8 (Wind River Linux LTS 17) |
| CVE-2017-3736 | There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen. | MEDIUM | Nov 5, 2017 | 10.17.41.4 (Wind River Linux LTS 17) |
| CVE-2017-15186 | Double free vulnerability in FFmpeg 3.3.4 and earlier allows remote attackers to cause a denial of service via a crafted AVI file. | MEDIUM | Oct 24, 2017 | 10.17.41.5 (Wind River Linux LTS 17) |
| CVE-2017-15265 | Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c. | Medium | Oct 24, 2017 | 10.17.41.2 (Wind River Linux LTS 17) |
| CVE-2017-15649 | net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346. | MEDIUM | Oct 19, 2017 | 10.17.41.2 (Wind River Linux LTS 17) |
| CVE-2017-15671 | The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak). | Medium | Oct 24, 2017 | 10.17.41.9 (Wind River Linux LTS 17) |
| CVE-2017-15873 | The get_next_block function in archival/libarchive/decompress_bunzip2.c in BusyBox 1.27.2 has an Integer Overflow that may lead to a write access violation. | MEDIUM | Oct 24, 2017 | 10.17.41.5 (Wind River Linux LTS 17) |
| CVE-2017-15906 | The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. | MEDIUM | Oct 25, 2017 | 10.17.41.5 (Wind River Linux LTS 17) |
| CVE-2017-15908 | In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_packet_read_type_window() function of the \'systemd-resolved\' service and cause a DoS of the affected service. | MEDIUM | Oct 28, 2017 | 10.17.41.5 (Wind River Linux LTS 17) |
| CVE-2017-15938 | dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, miscalculates DW_FORM_ref_addr die refs in the case of a relocatable object file, which allows remote attackers to cause a denial of service (find_abstract_instance_name invalid memory read, segmentation fault, and application crash). | MEDIUM | Oct 27, 2017 | 10.17.41.7 (Wind River Linux LTS 17) |
| CVE-2017-15939 | dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles NULL files in a .debug_line file table, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename. NOTE: this issue is caused by an incomplete fix for CVE-2017-15023. | MEDIUM | Oct 27, 2017 | 10.17.41.7 (Wind River Linux LTS 17) |
| CVE-2017-12967 | The getsym function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a malformed tekhex binary. | Medium | Aug 21, 2017 | 10.17.41.7 (Wind River Linux LTS 17) |
| CVE-2017-1000254 | libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote. | MEDIUM | Oct 9, 2017 | 10.17.41.5 (Wind River Linux LTS 17) |
| CVE-2017-12188 | arch/x86/kvm/mmu.c in the Linux kernel through 4.13.5, when nested virtualisation is used, does not properly traverse guest pagetable entries to resolve a guest virtual address, which allows L1 guest OS users to execute arbitrary code on the host OS or cause a denial of service (incorrect index during page walking, and host OS crash), aka an MMU potential stack buffer overrun. | MEDIUM | Oct 11, 2017 | 10.17.41.2 (Wind River Linux LTS 17) |
| CVE-2017-12192 | A vulnerability was found in the Key Management sub component of the Linux kernel, where when trying to issue a KEYTCL_READ on negative key would lead to a NULL pointer dereference. A local attacker could use this flaw to crash the kernel. | MEDIUM | Oct 11, 2017 | 10.17.41.2 (Wind River Linux LTS 17) |
| CVE-2017-13077 | Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the pairwise key in the four-way handshake. | MEDIUM | Oct 16, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
| CVE-2017-13082 | Wi-Fi Protected Access (WPA and WPA2) accepting a retransmitted Fast BSS Transition Reassociation Request and reinstalling the pairwise key while processing it. | MEDIUM | Oct 16, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
| CVE-2017-13086 | Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake. | MEDIUM | Oct 16, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
| CVE-2017-13723 | In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local attacker authenticated to the X server could overflow a global buffer, causing crashes of the X server or potentially other problems by injecting large or malformed XKB related atoms and accessing them via xkbcomp. | MEDIUM | Oct 9, 2017 | 10.17.41.5 (Wind River Linux LTS 17) |
| CVE-2017-14745 | The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, interpret a -1 value as a sorting count instead of an error flag, which allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c. | Medium | Sep 29, 2017 | 10.17.41.8 (Wind River Linux LTS 17) |
| CVE-2017-14767 | The sdp_parse_fmtp_config_h264 function in libavformat/rtpdec_h264.c in FFmpeg before 3.3.4 mishandles empty sprop-parameter-sets values, which allows remote attackers to cause a denial of service (heap buffer overflow) or possibly have unspecified other impact via a crafted sdp file. | Medium | Oct 3, 2017 | 10.17.41.5 (Wind River Linux LTS 17) |
| CVE-2017-14932 | decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file. | Medium | Oct 3, 2017 | 10.17.41.7 (Wind River Linux LTS 17) |
| CVE-2017-14933 | read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file. | Medium | Oct 10, 2017 | 10.17.41.7 (Wind River Linux LTS 17) |
| CVE-2017-14934 | process_debug_info in dwarf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file that contains a negative size value in a CU structure. | Medium | Oct 10, 2017 | 10.17.41.7 (Wind River Linux LTS 17) |
| CVE-2017-14938 | _bfd_elf_slurp_version_tables in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file. | Medium | Oct 3, 2017 | 10.17.41.7 (Wind River Linux LTS 17) |
| CVE-2017-14939 | decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles a length calculation, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to read_1_byte. | Medium | Oct 3, 2017 | 10.17.41.7 (Wind River Linux LTS 17) |
| CVE-2017-14940 | scan_unit_for_symbols in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file. | Medium | Oct 3, 2017 | 10.17.41.7 (Wind River Linux LTS 17) |
| CVE-2017-14974 | The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandle the failure of a certain canonicalization step, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c. | Medium | Oct 5, 2017 | 10.17.41.8 (Wind River Linux LTS 17) |
| CVE-2017-15018 | LAME 3.99.5 has a heap-based buffer over-read when handling a malformed file in k_34_4 in vbrquantize.c. | MEDIUM | Oct 4, 2017 | 10.17.41.13 (Wind River Linux LTS 17) |
| CVE-2017-15019 | LAME 3.99.5 has a NULL Pointer Dereference in the hip_decode_init function within libmp3lame/mpglib_interface.c via a malformed mpg file, because of an incorrect calloc call. | MEDIUM | Oct 4, 2017 | 10.17.41.13 (Wind River Linux LTS 17) |
| CVE-2017-15020 | dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles pointers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file, related to parse_die and parse_line_table, as demonstrated by a parse_die heap-based buffer over-read. | MEDIUM | Oct 4, 2017 | 10.17.41.8 (Wind River Linux LTS 17) |
| CVE-2017-15021 | bfd_get_debug_link_info_1 in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to bfd_getl32. | MEDIUM | Oct 4, 2017 | 10.17.41.8 (Wind River Linux LTS 17) |
| CVE-2017-15022 | dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the DW_AT_name data type, which allows remote attackers to cause a denial of service (bfd_hash_hash NULL pointer dereference, or out-of-bounds access, and application crash) via a crafted ELF file, related to scan_unit_for_symbols and parse_comp_unit. | MEDIUM | Oct 4, 2017 | 10.17.41.7 (Wind River Linux LTS 17) |
| CVE-2017-15023 | read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not properly validate the format count, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename. | MEDIUM | Oct 4, 2017 | 10.17.41.7 (Wind River Linux LTS 17) |
| CVE-2017-15024 | find_abstract_instance_name in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file. | MEDIUM | Oct 4, 2017 | 10.17.41.7 (Wind River Linux LTS 17) |
| CVE-2017-15025 | decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted ELF file. | MEDIUM | Oct 4, 2017 | 10.17.41.7 (Wind River Linux LTS 17) |
| CVE-2017-15045 | LAME 3.99.5 has a heap-based buffer over-read in fill_buffer in libmp3lame/util.c, related to lame_encode_buffer_sample_t in libmp3lame/lame.c, a different vulnerability than CVE-2017-9410. | MEDIUM | Oct 6, 2017 | 10.17.41.13 (Wind River Linux LTS 17) |
