SB2018092306 - Denial of service in GNU Binutils 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2018092306

SB2018092306 - Denial of service in GNU Binutils

Published: September 23, 2018 Updated: January 21, 2020

Security Bulletin ID SB2018092306
Severity
Medium
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 security vulnerability.


1) Buffer overflow (CVE-ID: CVE-2018-17358)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error when processing ELF files within the _bfd_stab_section_find_nearest_line() function in syms.c in Binary File Descriptor (BFD) library (aka libbfd). A remote attacker can create a specially crafted ELF file, pass it to the affected application and trigger invalid memory access, resulting in denial of service conditions.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


Remediation

Install update from vendor's website.

References