Main Vulnerability Database Vulnerabilities #VU12279

Heap-based buffer over-read in Binutils - CVE-2018-10372

Published: April 26, 2018 / Updated: April 27, 2018

Vulnerability identifier: #VU12279

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear

CVE-ID: CVE-2018-10372

CWE-ID: CWE-126

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: GNU

Affected software:
Binutils

Detailed vulnerability description

The vulnerability allows a remote unauthenticated attacker to cause Dos condition on the target system.

The weakness exists in the process_cu_tu_index function in the dwarf.c source code file due to improper bounds checking when used to process binary files. A remote attacker can trick the victim into opening a specially crafted binary file, as demonstrated by readelf, trigger heap-based buffer overread and cause the service to crash.

How to mitigate CVE-2018-10372

Install update from vendor's website.

Sources

https://sourceware.org/bugzilla/show_bug.cgi?id=23064

Heap-based buffer over-read in Binutils - CVE-2018-10372

Detailed vulnerability description

How to mitigate CVE-2018-10372

Sources

Please verify you're human