High severity7.5NVD Advisory· Published Mar 29, 2017· Updated May 13, 2026

CVE-2017-7302

Description

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a swap_std_reloc_out function in bfd/aoutx.h that is vulnerable to an invalid read (of size 4) because of missing checks for relocs that could not be recognised. This vulnerability causes Binutils utilities like strip to crash.

Affected products

GNU/Binutils2 versions
cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*
- (no CPE)range: = 2.28
osv-coords21 versions
pkg:rpm/opensuse/binutils&distro=openSUSE%20Tumbleweed pkg:rpm/suse/binutils&distro=SUSE%20Enterprise%20Storage%204 pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2 pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3 pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSS pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2 pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3 pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2 pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1 pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2 pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2 pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3 pkg:rpm/suse/binutils&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/cross-ppc-binutils&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2 pkg:rpm/suse/cross-ppc-binutils&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3 pkg:rpm/suse/cross-spu-binutils&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2 pkg:rpm/suse/cross-spu-binutils&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3
< 2.37-1.3+ 20 more
- (no CPE)range: < 2.37-1.3
- (no CPE)range: < 2.31-9.26.1
- (no CPE)range: < 2.29.1-9.20.2
- (no CPE)range: < 2.29.1-9.20.2
- (no CPE)range: < 2.31-9.26.1
- (no CPE)range: < 2.29.1-9.20.2
- (no CPE)range: < 2.31-9.26.1
- (no CPE)range: < 2.31-9.26.1
- (no CPE)range: < 2.29.1-9.20.2
- (no CPE)range: < 2.31-9.26.1
- (no CPE)range: < 2.29.1-9.20.2
- (no CPE)range: < 2.29.1-9.20.2
- (no CPE)range: < 2.29.1-9.20.2
- (no CPE)range: < 2.29.1-9.20.2
- (no CPE)range: < 2.29.1-9.20.2
- (no CPE)range: < 2.29.1-9.20.2
- (no CPE)range: < 2.31-9.26.1
- (no CPE)range: < 2.29.1-9.20.2
- (no CPE)range: < 2.29.1-9.20.2
- (no CPE)range: < 2.29.1-9.20.2
- (no CPE)range: < 2.29.1-9.20.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/97216nvdPatchVDB Entry
sourceware.org/bugzilla/show_bug.cginvdIssue TrackingPatch

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000