CVE-2018-18606

An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.

Published: 2018-10-23 17:29 | Updated: 2019-03-21 19:02

CVSS Score: 4.3 / 10

| Vendor | Product | Version | URI |
|--------|---------|---------|-----|
| Gnu | Binutils | 2.31 | cpe:/a:gnu:binutils:2.31 |
| Debian | Debian Linux | 7.0 | cpe:/o:debian:debian_linux:7.0 |
| Debian | Debian Linux | 8.0 | cpe:/o:debian:debian_linux:8.0 |
| Debian | Debian Linux | 9.0 | cpe:/o:debian:debian_linux:9.0 |
| Netapp | Data Ontap | - | cpe:/o:netapp:data_ontap:- |

CWE

| ID | Name | Description |
|----|------|-------------|
| CWE-476 | NULL Pointer Dereference | A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit. |

History of changes

| Date | Event |
|------|-------|
| 2019-03-21 19:02 | |
| 2019-03-08 11:29 | |
| 2018-12-06 20:00 | |
| 2018-10-30 10:29 | |
| 2018-10-23 17:29 | New CVE |