CVE-2018-1000876 — Integer Overflow or Wraparound in Binutils
Severity
7.8HIGHNVD
EPSS
0.1%
top 67.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedDec 20
Latest updateMay 13
Description
binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. This attack appear to be exploitable via Local. This vulnerability appears to have been fixed in after commit 3a551c7a1b80fca579461774860574eabfd7f18f.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages5 packages
Also affects: Ubuntu Linux 18.04
🔴Vulnerability Details
3📋Vendor Advisories
4Debian▶
CVE-2018-1000876: binutils - binutils version 2.32 and earlier contains a Integer Overflow vulnerability in o...↗2018
💬Community
4Bugzilla▶
CVE-2018-1000876 binutils: integer overflow leads to heap-based buffer overflow in objdump↗2019-01-09
Bugzilla▶
CVE-2018-1000876 CVE-2018-20623 CVE-2018-20651 CVE-2018-20657 CVE-2018-20671 CVE-2018-20673 binutils: various flaws [fedora-all]↗2019-01-09
Bugzilla▶
CVE-2018-1000876 CVE-2018-20623 CVE-2018-20651 CVE-2018-20657 CVE-2018-20671 CVE-2018-20673 mingw-binutils: various flaws [epel-all]↗2019-01-09
Bugzilla▶
CVE-2018-1000876 CVE-2018-20623 CVE-2018-20651 CVE-2018-20657 CVE-2018-20671 CVE-2018-20673 mingw-binutils: various flaws [fedora-all]↗2019-01-09