CVE-2017-6966

Source
Severity High
Remote No
Type Arbitrary code execution
Description
readelf in GNU Binutils 2.28 has a use-after-free (specifically read-after-free) error while processing multiple, relocated sections in an MSP430 binary. This is caused by mishandling of an invalid symbol index, and mishandling of state across invocations. A crafted executable or shared library could lead to a crash or possible code execution.
Group Package Affected Fixed Severity Status Ticket
AVG-276 binutils 2.28.0-4 High Vulnerable
References
https://sourceware.org/bugzilla/show_bug.cgi?id=21139
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f84ce13b6708801ca1d6289b7c4003e2f5a6d7f9