CVE-2018-18606

An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.

Published: 2018-10-23 17:29
Updated: 2019-03-21 19:02

CVSS Score: 4.3 / 10

| Vendor | Product | Version | URI |
| --- | --- | --- | --- |
| Gnu | Binutils | 2.31 | cpe:/a:gnu:binutils:2.31 |
| Debian | Debian Linux | 7.0 | cpe:/o:debian:debian_linux:7.0 |
| Debian | Debian Linux | 8.0 | cpe:/o:debian:debian_linux:8.0 |
| Debian | Debian Linux | 9.0 | cpe:/o:debian:debian_linux:9.0 |
| Netapp | Data Ontap | - | cpe:/o:netapp:data_ontap:- |

CWE

| ID | Name | Description |
| --- | --- | --- |
| CWE-476 | NULL Pointer Dereference | A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit. |

History of changes

Date Event
2019-03-21 19:02
2019-03-08 11:29
2018-12-06 20:00
2018-10-30 10:29
2018-10-23 17:29

New CVE