Memory corruption in Binutils - CVE-2018-7569
Published: March 14, 2018
Vulnerability identifier: #VU11090
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2018-7569
CWE-ID: CWE-190
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: GNU
Affected software:
Binutils
Binutils
Detailed vulnerability description
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists in the dwarf2.c source code file due to the improper processing of crafted Executable and Linkable Format (ELF) files that contain a corrupted DWARF FORM block. A remote attacker can send a specially crafted ELF file, trick the victim into opening it, trigger integer overflow or underflow and cause the service to crash.
The weakness exists in the dwarf2.c source code file due to the improper processing of crafted Executable and Linkable Format (ELF) files that contain a corrupted DWARF FORM block. A remote attacker can send a specially crafted ELF file, trick the victim into opening it, trigger integer overflow or underflow and cause the service to crash.
How to mitigate CVE-2018-7569
Install update from vendor's website.