CVE-2018-12699: finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other…

critical9.8CVSS 3.0

AVNACLPRNUINSUCHIHAH

finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. This can occur during execution of objdump.

Affected

20 ranges

Vendor	Product	Version range	Fixed in
canonical	ubuntu_linux	—	—
debian	binutils	< binutils 2.32.51.20190707-1 (bookworm)	binutils 2.32.51.20190707-1 (bookworm)
debian	binutils	< binutils 2.37.50.20220106-1 (bookworm)	binutils 2.37.50.20220106-1 (bookworm)
debian	debian_linux	—	—
debian	debian_linux	—	—
debian	debian_linux	—	—
fedoraproject	fedora	—	—
fedoraproject	fedora	—	—
gnu	binutils	<= 2.37	—
gnu	binutils	—	—
gnu	binutils	>= 0 < 2.32.51.20190707-1	2.32.51.20190707-1
gnu	binutils	>= 0 < 2.37.50.20220106-1	2.37.50.20220106-1
gnu	binutils	>= 0 < 2.32.51.20190707-1	2.32.51.20190707-1
gnu	binutils	>= 0 < 2.37.50.20220106-1	2.37.50.20220106-1
gnu	binutils	>= 0 < 2.32.51.20190707-1	2.32.51.20190707-1
gnu	binutils	>= 0 < 2.37.50.20220106-1	2.37.50.20220106-1
gnu	binutils	>= 0 < 2.32.51.20190707-1	2.32.51.20190707-1
msrc	cbl2_binutils_2.37-3_on_cbl_mariner_2.0	—	—
msrc	cm1_binutils_2.36.1-2_on_cbl_mariner_1.0	—	—
redhat	enterprise_linux	—	—

CVSS provenance

nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

osv9.8CRITICAL