Vulnerability Details : CVE-2017-1000249
An issue in file() was introduced in commit 9611f31313a93aa036389c5f3b15eea53510d4d1 (Oct 2016) lets an attacker overwrite a fixed 20 bytes stack buffer with a specially crafted .notes section in an ELF binary. This was fixed in commit 35c94dc6acc418f1ad7f6241a6680e5327495793 (Aug 2017).
Vulnerability category: Overflow
Exploit prediction scoring system (EPSS) score for CVE-2017-1000249
Probability of exploitation activity in the next 30 days: 0.06%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 22 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2017-1000249
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
2.1
|
LOW | AV:L/AC:L/Au:N/C:N/I:P/A:N |
3.9
|
2.9
|
NIST |
5.5
|
MEDIUM | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
1.8
|
3.6
|
NIST |
CWE ids for CVE-2017-1000249
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-1000249
-
https://security.gentoo.org/glsa/201710-02
file: Stack-based buffer overflow (GLSA 201710-02) — Gentoo security
-
http://www.debian.org/security/2017/dsa-3965
Debian -- Security Information -- DSA-3965-1 file
-
https://github.com/file/file/commit/9611f31313a93aa036389c5f3b15eea53510d4d
Extend build-id reporting to 8-byte IDs that lld can generate (Ed Maste) · file/file@9611f31 · GitHubPatch;Third Party Advisory
-
https://github.com/file/file/commit/35c94dc6acc418f1ad7f6241a6680e5327495793
Fix always true condition (Thomas Jarosch) · file/file@35c94dc · GitHubPatch;Third Party Advisory
Products affected by CVE-2017-1000249
- cpe:2.3:a:file_project:file:5.29:*:*:*:*:*:*:*