Open mend-for-github-com[bot] opened 4 years ago
:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.
:information_source: This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory.
CVE-2017-12455 - High Severity Vulnerability
Vulnerable Libraries - src7b6d306a3e61de7ebaab494fc46227d42f2b6f0e, srcdc68203c791d61132fb706541d939ef160c2e638
Vulnerability Details
The evax_bfd_print_emh function in vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file.
Publish Date: 2017-08-04
URL: CVE-2017-12455
CVSS 3 Score Details (7.8)
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2017-12455
Release Date: 2017-08-04
Fix Resolution: binutils - 2.29-8,2.29-8,2.29-8