#VU13471 Heap-based buffer overflow in Binutils - CVE-2018-12699

Cybersecurity Help s.r.o.

Published: 2018-06-25 | Updated: 2018-06-26

Vulnerability identifier: #VU13471

Vulnerability risk: Low

CVSSv4.0: 5.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2018-12699

CWE-ID: CWE-122

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Binutils
Universal components / Libraries / Libraries used by multiple products

Vendor: GNU

Description

The vulnerability allows a local attacker to cause DoS condition on the target system.

The vulnerability exists due to heap-based buffer overflow in the finish_stab function, as defined in the stabs.c source code file. A local attacker can execute the objdump command, trigger memory corruption and cause the service to crash.

Mitigation
Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.

Vulnerable software versions

Binutils: 2.30

External links
https://sourceware.org/bugzilla/show_bug.cgi?id=23057

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

Latest bulletins with this vulnerability

Juniper Secure Analytics update for third-party components

Multiple vulnerabilities in IBM Cloud Pak for Security

Anolis OS update for binutils

Multiple vulnerabilities in IBM QRadar SIEM

Multiple vulnerabilities in OpenShift Logging 5.6

Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.14

Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.15

Multiple vulnerabilities in Red Hat OpenShift Dev Spaces 3.17

Red Hat Enterprise Linux 8 update for binutils

openEuler update for binutils