#VU13471 Heap-based buffer overflow in Binutils - CVE-2018-12699

Cybersecurity Help s.r.o.

Published: 2018-06-25 | Updated: 2018-06-26

Vulnerability identifier: #VU13471

Vulnerability risk: Low

CVSSv4.0: 5.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2018-12699

CWE-ID: CWE-122

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Binutils
Universal components / Libraries / Libraries used by multiple products

Vendor: GNU

Description

The vulnerability allows a local attacker to cause DoS condition on the target system.

The vulnerability exists due to heap-based buffer overflow in the finish_stab function, as defined in the stabs.c source code file. A local attacker can execute the objdump command, trigger memory corruption and cause the service to crash.

Mitigation
Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.

Vulnerable software versions

Binutils: 2.30

External links
https://sourceware.org/bugzilla/show_bug.cgi?id=23057

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

Latest bulletins with this vulnerability

Anolis OS update for binutils

Multiple vulnerabilities in IBM QRadar SIEM

Multiple vulnerabilities in OpenShift Logging 5.6

Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.14

Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.15

Multiple vulnerabilities in Red Hat OpenShift Dev Spaces 3.17

Red Hat Enterprise Linux 8 update for binutils

openEuler update for binutils

Denial of service in GNU Binutils