Wind River Support Network

HomeDefectsLIN8-7432

Fixed

LIN8-7432 : Security Advisory - binutils - CVE-2017-12448

Created: Aug 11, 2017 Updated: Dec 3, 2018

Resolved Date: Oct 22, 2017

Found In Version: 8.0.0.20

Fix Version: 8.0.0.23

Severity: Standard

Applicable for: Wind River Linux 8

Component/s: Userspace

Description

The bfd_cache_close function in bfd/cache.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a heap use after free and possibly achieve code execution via a crafted nested archive file. This issue occurs because incorrect functions are called during an attempt to release memory. The issue can be addressed by better input validation in the bfd_generic_archive_p function in bfd/archive.c.

https://nvd.nist.gov/vuln/detail/CVE-2017-12448

Other Downloads

Wind River Linux 8.0.0.23
Wind River Linux 8.0.0.24
Wind River Linux 8.0.0.25
Wind River Linux 8.0.0.26
Wind River Linux 8.0.0.27
Wind River Linux 8.0.0.28
Wind River Linux 8.0.0.29
Wind River Linux 8.0.0.30
Wind River Linux 8.0.0.31
Wind River Linux 8.0.0.32
Wind River Linux 8.0.0.33
Wind River Linux 8.0.0.34

CVEs

CVE-2017-12448