Buffer overflow in Binutils - CVE-2018-17358
Published: January 21, 2020
Vulnerability identifier: #VU24443
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2018-17358
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: GNU
Affected software:
Binutils
Binutils
Detailed vulnerability description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when processing ELF files within the _bfd_stab_section_find_nearest_line() function in syms.c in Binary File Descriptor (BFD) library (aka libbfd). A remote attacker can create a specially crafted ELF file, pass it to the affected application and trigger invalid memory access, resulting in denial of service conditions.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
How to mitigate CVE-2018-17358
Install updates from vendor's website.