Main Vulnerability Database Vulnerabilities #VU16781

Use-after-free in Binutils - CVE-2018-20623

Published: January 2, 2019

Vulnerability identifier: #VU16781

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2018-20623

CWE-ID: CWE-416

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: GNU

Affected software:
Binutils

Detailed vulnerability description

The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code.

The vulnerability exists due to use-after-free in the error function in elfcomm.c when called from the process_archive function in readelf.c. A remote attacker can supply a specially crafted ELF file, trigger heap-based buffer overflow and cause the service to crash or execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

How to mitigate CVE-2018-20623

Install updates from vendor's website.

Sources

https://sourceware.org/bugzilla/show_bug.cgi?id=24049

Use-after-free in Binutils - CVE-2018-20623

Detailed vulnerability description

How to mitigate CVE-2018-20623

Sources

Please verify you're human