CVE-2018-18605

A heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, because _bfd_add_merge_section mishandles section merges when size is not a multiple of entsize. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.

Published : 2018-10-23 17:29 Updated : 2019-03-21 19:03

4.3
CVSS Score More info
Score 4.3 / 10
4.3
Vendor Product Version URI
Gnu Binutils 2.31 cpe:/a:gnu:binutils:2.31
Debian Debian Linux 7.0 cpe:/o:debian:debian_linux:7.0
Debian Debian Linux 8.0 cpe:/o:debian:debian_linux:8.0
Debian Debian Linux 9.0 cpe:/o:debian:debian_linux:9.0
Netapp Data Ontap - cpe:/o:netapp:data_ontap:-
  1. Gnu (1) Search CVE
    1. Binutils (1) Search CVE
      1. 2.31
  2. Debian (1) Search CVE
    1. Debian Linux (3) Search CVE
      1. 7.0
      2. 8.0
      3. 9.0
  3. Netapp (1) Search CVE
    1. Data Ontap (1) Search CVE
      1. -

CWE

ID Name Description Links
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. CVE

History of changes

Date Event
2019-03-21 19:03
2019-03-08 11:29
2018-12-06 19:59
2018-10-30 10:29
2018-10-23 17:29

New CVE