CVE-2018-18605

A heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, because _bfd_add_merge_section mishandles section merges when size is not a multiple of entsize. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.

Published: 2018-10-23 17:29
Updated: 2019-10-03 00:03

CVSS Score: 4.3 / 10

| Vendor | Product | Version | URI |
|--------|---------|---------|-----|
| Netapp | Data Ontap | - | cpe:/o:netapp:data_ontap:- |
| Gnu | Binutils | 2.31 | cpe:/a:gnu:binutils:2.31 |
| Debian | Debian Linux | 7.0 | cpe:/o:debian:debian_linux:7.0 |
| Debian | Debian Linux | 8.0 | cpe:/o:debian:debian_linux:8.0 |
| Debian | Debian Linux | 9.0 | cpe:/o:debian:debian_linux:9.0 |

CWE

| ID | Name | Description |
|----|------|-------------|
| CWE-125 | Out-of-bounds Read | The software reads data past the end, or before the beginning, of the intended buffer. |

History of changes

| Date | Event |
|------|-------|
| 2019-10-03 00:03 | |
| 2019-03-21 19:03 | |
| 2019-03-08 11:29 | |
| 2018-12-06 19:59 | |
| 2018-10-30 10:29 | |
| 2018-10-23 17:29 | New CVE |