CVE-2018-18607

An issue was discovered in elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.

Published: 2018-10-23 17:29
Updated: 2019-03-21 19:05

CVSS Score: 4.3 / 10

| Vendor | Product | Version | URI |
|--------|---------|---------|-----|
| Gnu | Binutils | 2.31 | cpe:/a:gnu:binutils:2.31 |
| Debian | Debian Linux | 7.0 | cpe:/o:debian:debian_linux:7.0 |
| Debian | Debian Linux | 8.0 | cpe:/o:debian:debian_linux:8.0 |
| Debian | Debian Linux | 9.0 | cpe:/o:debian:debian_linux:9.0 |
| Netapp | Data Ontap | - | cpe:/o:netapp:data_ontap:- |

  1. Debian (1)
    1. Debian Linux (3)
      1. 7.0
      2. 8.0
      3. 9.0
  2. Gnu (1)
    1. Binutils (1)
      1. 2.31
  3. Netapp (1)
    1. Data Ontap (1)
      1. -

CWE

| ID | Name | Description |
|----|------|-------------|
| CWE-476 | NULL Pointer Dereference | A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit. |

History of changes

| Date | Event |
|------|-------|
| 2019-03-21 19:05 | |
| 2019-03-08 11:29 | |
| 2018-12-06 20:00 | |
| 2018-10-30 10:29 | |
| 2018-10-23 17:29 | New CVE |