CVE-2017-12448

The bfd_cache_close function in bfd/cache.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a heap use after free and possibly achieve code execution via a crafted nested archive file. This issue occurs because incorrect functions are called during an attempt to release memory. The issue can be addressed by better input validation in the bfd_generic_archive_p function in bfd/archive.c.

packagechannelchannel versionpkg versionstatus
binutils-unwrapped
nixos-18.03
2019-02-20 10:25:14 UTC (cb0e20)2.28.1vulnerable
2019-01-16 18:00:31 UTC (138f2c)2.28.1vulnerable
2018-12-09 06:05:37 UTC (b551f8)2.28.1vulnerable
2018-11-29 21:00:31 UTC (a18112)2.28.1vulnerable
2018-11-28 06:10:25 UTC (9c96d1)2.28.1vulnerable
2018-11-23 12:45:42 UTC (e64482)2.28.1vulnerable
2018-11-20 12:35:27 UTC (947247)2.28.1vulnerable
2018-11-16 21:00:27 UTC (263f7b)2.28.1vulnerable
2018-11-14 10:35:19 UTC (1d8470)2.28.1vulnerable
2018-11-05 13:10:34 UTC (21b7f5)2.28.1vulnerable
2018-11-02 08:50:28 UTC (0e614d)2.28.1vulnerable
2018-10-30 16:25:07 UTC (19fc6d)2.28.1vulnerable
2018-10-30 14:40:31 UTC (6f07d2)2.28.1vulnerable
2018-10-28 11:35:42 UTC (b4e3a4)2.28.1vulnerable
2018-10-15 12:50:34 UTC (5d19e3)2.28.1vulnerable
2018-10-13 20:20:17 UTC (e85e0c)2.28.1vulnerable
2018-10-13 09:40:17 UTC (d592f2)2.28.1vulnerable
2018-10-11 15:15:08 UTC (5a38f7)2.28.1vulnerable
2018-10-09 11:20:30 UTC (c56ede)2.28.1vulnerable
2018-10-05 13:25:12 UTC (862fb5)2.28.1vulnerable
2018-10-05 13:00:32 UTC (c4eddc)2.28.1vulnerable
2018-09-21 06:10:31 UTC (d16a7a)2.28.1vulnerable
2018-09-19 17:10:27 UTC (8edf56)2.28.1vulnerable
2018-09-18 17:55:38 UTC (305f13)2.28.1vulnerable
2018-09-16 07:30:36 UTC (01f5e7)2.28.1vulnerable
2018-09-13 15:30:12 UTC (5f59ab)2.28.1vulnerable
2018-09-08 09:20:09 UTC (45f52f)2.28.1vulnerable
2018-09-02 21:10:32 UTC (8b92a4)2.28.1vulnerable
2018-09-02 14:20:10 UTC (8c172c)2.28.1vulnerable
2018-09-01 13:55:20 UTC (a960b8)2.28.1vulnerable
2018-08-31 04:20:38 UTC (a37638)2.28.1vulnerable
2018-08-29 17:10:10 UTC (edd63e)2.28.1vulnerable
2018-08-24 19:10:30 UTC (fde201)2.28.1vulnerable
2018-08-23 23:50:20 UTC (f094fd)2.28.1vulnerable
2018-08-19 18:15:22 UTC (4df342)2.28.1vulnerable
2018-08-18 23:45:22 UTC (47b68d)2.28.1vulnerable
2018-08-17 21:25:22 UTC (a4e068)2.28.1vulnerable
2018-08-17 14:30:05 UTC (cd0cd9)2.28.1vulnerable
2018-08-16 13:20:15 UTC (c1ef96)2.28.1vulnerable
2018-08-16 08:30:34 UTC (8b4ed6)2.28.1vulnerable
2018-08-15 15:40:37 UTC (5b8a24)2.28.1vulnerable
2018-08-15 05:50:22 UTC (66bd47)2.28.1vulnerable
2018-08-14 17:35:19 UTC (9cbc73)2.28.1vulnerable
2018-08-13 09:25:26 UTC (10b979)2.28.1vulnerable
2018-08-13 03:20:34 UTC (89ff9f)2.28.1vulnerable
2018-08-12 04:35:15 UTC (bfeab2)2.28.1vulnerable
2018-08-12 00:00:33 UTC (190ec7)2.28.1vulnerable
2018-08-10 22:20:22 UTC (e42c07)2.28.1vulnerable
2018-08-10 17:05:22 UTC (2c3f9c)2.28.1vulnerable
2018-08-09 21:05:22 UTC (3af001)2.28.1vulnerable
2018-08-07 05:10:16 UTC (230f98)2.28.1vulnerable
2018-08-03 03:05:12 UTC (d0c868)2.28.1vulnerable
2018-08-02 12:45:41 UTC (18401b)2.28.1vulnerable
2018-08-02 06:10:24 UTC (0e55dd)2.28.1vulnerable
2018-08-01 00:55:32 UTC (a1299c)2.28.1vulnerable
2018-07-31 16:00:28 UTC (b74b1c)2.28.1vulnerable
2018-07-30 09:15:16 UTC (6115f4)2.28.1vulnerable
2018-07-20 17:40:08 UTC (d6c6c7)2.28.1vulnerable
2018-07-12 04:35:08 UTC (411cc5)2.28.1vulnerable
2018-07-10 08:10:12 UTC (aec217)2.28.1vulnerable
2018-07-10 03:15:29 UTC (5e10df)2.28.1vulnerable
2018-07-09 02:40:20 UTC (e930c6)2.28.1vulnerable
2018-07-08 17:55:36 UTC (de7ca4)2.28.1vulnerable
2018-07-08 10:25:33 UTC (298e17)2.28.1vulnerable
2018-07-04 20:00:25 UTC (56fad1)2.28.1vulnerable
2018-06-30 13:55:14 UTC (2f06e0)2.28.1vulnerable
2018-06-29 17:10:06 UTC (0a70d6)2.28.1vulnerable
2018-06-25 10:30:35 UTC (94d80e)2.28.1vulnerable
2018-06-23 08:30:21 UTC (91b286)2.28.1vulnerable
2018-06-21 23:25:24 UTC (68e02f)2.28.1vulnerable
2018-06-17 01:05:39 UTC (14c248)2.28.1vulnerable
2018-06-16 09:40:33 UTC (f3c913)2.28.1vulnerable
2018-06-14 21:57:20 UTC (08d245)2.28.1vulnerable