CVE-2017-1000249

Public on 2017-09-11

Modified on 2017-10-03

Description

An issue in file() was introduced in commit 9611f31313a93aa036389c5f3b15eea53510d4d1 (Oct 2016) lets an attacker overwrite a fixed 20 bytes stack buffer with a specially crafted .notes section in an ELF binary. This was fixed in commit 35c94dc6acc418f1ad7f6241a6680e5327495793 (Aug 2017).

Severity

Important

See what this means

CVSS v3 Base Score

7.5

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory
Amazon Linux 1	file	2017-10-03 11:00	ALAS-2017-900

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv3	7.5	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
NVD	CVSSv2	2.1	AV:L/AC:L/Au:N/C:N/I:P/A:N
NVD	CVSSv3	5.5	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

References

Red Hat: CVE-2017-1000249 Mitre: CVE-2017-1000249 FAQs regarding Amazon Linux ALAS/CVE Severity