CVE-2018-13033

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file, as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc in libbfd.c. This can occur during execution of nm.

Published : 2018-07-01 16:29 Updated : 2019-10-03 00:03

4.3
CVSS Score More info
Score 4.3 / 10
4.3
Vendor Product Version URI
Redhat Enterprise Linux Desktop 7.0 cpe:/o:redhat:enterprise_linux_desktop:7.0
Redhat Enterprise Linux Server 7.0 cpe:/o:redhat:enterprise_linux_server:7.0
Redhat Enterprise Linux Workstation 7.0 cpe:/o:redhat:enterprise_linux_workstation:7.0
Redhat Openshift Container Platform 3.11 cpe:/a:redhat:openshift_container_platform:3.11
Gnu Binutils 2.30 cpe:/a:gnu:binutils:2.30
  1. Gnu (1) Search CVE
    1. Binutils (1) Search CVE
      1. 2.30
  2. Redhat (4) Search CVE
    1. Enterprise Linux Desktop (1) Search CVE
      1. 7.0
    2. Enterprise Linux Server (1) Search CVE
      1. 7.0
    3. Enterprise Linux Workstation (1) Search CVE
      1. 7.0
    4. Openshift Container Platform (1) Search CVE
      1. 3.11

CWE

ID Name Description Links
CWE-770 Allocation of Resources Without Limits or Throttling The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on how many resources can be allocated, in violation of the intended security policy for that actor. CVE

History of changes

Date Event
2019-10-03 00:03
2019-08-03 13:15
2019-04-25 19:22
2019-04-24 06:29
2019-03-20 16:38
2018-10-31 10:31
2018-08-27 18:16
2018-07-04 01:29
2018-07-01 16:29

New CVE