CVE-2017-12799
Description
The elf_read_notesfunction in bfd/elf.c in GNU Binutils 2.29 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A buffer overflow in the elf_read_notes function of GNU Binutils 2.29 allows denial of service via a crafted binary file.
Vulnerability
The vulnerability resides in the elf_read_notes function within bfd/elf.c of GNU Binutils 2.29. It is triggered when processing a specifically crafted binary file (ELF format) that causes a buffer overflow, leading to an application crash. This affects all users of Binutils 2.29, including those who compile or analyze untrusted binaries [1].
Exploitation
An attacker can exploit this issue by enticing a user to compile, execute, or analyze a maliciously crafted binary file. No special network position or authentication is required; the attack vector is local or remote via file delivery (e.g., email, download). The user must process the file with a tool from the Binutils suite (e.g., objdump, nm, size) that utilizes the BFD library [1].
Impact
Successful exploitation causes a denial of service due to a buffer overflow, which may crash the application. The official description notes the possibility of unspecified other impact, but the primary documented consequence is crash/DoS. No privilege escalation or code execution is confirmed in the references [1].
Mitigation
The Gentoo security advisory (GLSA 201801-01) recommends upgrading to Binutils version 2.29.1-r1 or later. Users should run emerge --sync and then emerge --ask --oneshot --verbose ">=sys-devel/binutils-2.29.1-r1". No workarounds are available for users who cannot upgrade [1].
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
17- osv-coords15 versionspkg:rpm/opensuse/binutils&distro=openSUSE%20Tumbleweedpkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3pkg:rpm/suse/cross-ppc-binutils&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2pkg:rpm/suse/cross-ppc-binutils&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3pkg:rpm/suse/cross-spu-binutils&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2pkg:rpm/suse/cross-spu-binutils&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3
< 2.37-1.3+ 14 more
- (no CPE)range: < 2.37-1.3
- (no CPE)range: < 2.29.1-9.20.2
- (no CPE)range: < 2.29.1-9.20.2
- (no CPE)range: < 2.29.1-9.20.2
- (no CPE)range: < 2.29.1-9.20.2
- (no CPE)range: < 2.29.1-9.20.2
- (no CPE)range: < 2.29.1-9.20.2
- (no CPE)range: < 2.29.1-9.20.2
- (no CPE)range: < 2.29.1-9.20.2
- (no CPE)range: < 2.29.1-9.20.2
- (no CPE)range: < 2.29.1-9.20.2
- (no CPE)range: < 2.29.1-9.20.2
- (no CPE)range: < 2.29.1-9.20.2
- (no CPE)range: < 2.29.1-9.20.2
- (no CPE)range: < 2.29.1-9.20.2
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- sourceware.org/bugzilla/show_bug.cginvdIssue TrackingPatchThird Party Advisory
- www.securityfocus.com/bid/100292nvdThird Party AdvisoryVDB Entry
- security.gentoo.org/glsa/201801-01nvd
News mentions
0No linked articles in our index yet.