Multiple denial of service vulnerabilities in GNU Binutils
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Out-of-bounds read
EUVDB-ID: #VU109669
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-18605
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the sec_merge_hash_lookup() function in merge.c. A remote attacker can pass a specially crafted ELF file to the application and crash it.
MitigationInstall update from vendor's website.
Vulnerable software versionsBinutils: 2.7 - 2.31
CPE2.3- cpe:2.3:a:gnu:binutils:2.7:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:binutils:2.8:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:binutils:2.8.1:*:*:*:*:*:*:*
https://security.netapp.com/advisory/ntap-20190307-0003/
https://sourceware.org/bugzilla/show_bug.cgi?id=23804
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ab419ddbb2cdd17ca83618990f2cacf904ce1d61
https://usn.ubuntu.com/4336-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) NULL pointer dereference
EUVDB-ID: #VU109672
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-18607
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to crash the application.
The vulnerability exists due to NULL pointer dereference within the elf_link_input_bfd() function in elflink.c. A remote attacker can trick the victim into processing a specially crafted file and crash the application.
MitigationInstall update from vendor's website.
Vulnerable software versionsBinutils: 2.7 - 2.31
CPE2.3- cpe:2.3:a:gnu:binutils:2.7:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:binutils:2.8:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:binutils:2.8.1:*:*:*:*:*:*:*
https://security.netapp.com/advisory/ntap-20190307-0003/
https://sourceware.org/bugzilla/show_bug.cgi?id=23805
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=102def4da826b3d9e169741421e5e67e8731909a
https://usn.ubuntu.com/4336-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) NULL pointer dereference
EUVDB-ID: #VU109671
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-18606
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to crash the application.
The vulnerability exists due to NULL pointer dereference within the merge_strings() function in merge.c. A remote attacker can trick the victim into processing a specially crafted file and crash the application.
MitigationInstall update from vendor's website.
Vulnerable software versionsBinutils: 2.7 - 2.31
CPE2.3- cpe:2.3:a:gnu:binutils:2.7:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:binutils:2.8:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:binutils:2.8.1:*:*:*:*:*:*:*
https://security.netapp.com/advisory/ntap-20190307-0003/
https://sourceware.org/bugzilla/show_bug.cgi?id=23806
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=45a0eaf77022963d639d6d19871dbab7b79703fc
https://usn.ubuntu.com/4336-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
