Main Vulnerability Database Vulnerabilities #VU36619

Buffer overflow in Binutils - CVE-2018-17359

Published: September 23, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU36619

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2018-17359

CWE-ID: CWE-119

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: GNU

Affected software:
Binutils

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory access exists in bfd_zalloc in opncls.c. Attackers could leverage this vulnerability to cause a denial of service (application crash) via a crafted ELF file.

How to mitigate CVE-2018-17359

Install update from vendor's website.

Sources

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html
https://sourceware.org/bugzilla/show_bug.cgi?id=23686
https://usn.ubuntu.com/4336-1/

Buffer overflow in Binutils - CVE-2018-17359

Detailed vulnerability description

How to mitigate CVE-2018-17359

Sources

Please verify you're human