CVE-2018-17359 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Binutils
CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer12 documents8 sources
Severity
5.5MEDIUMNVD
EPSS
0.3%
top 45.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedSep 23
Latest updateMay 13
Description
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory access exists in bfd_zalloc in opncls.c. Attackers could leverage this vulnerability to cause a denial of service (application crash) via a crafted ELF file.
CVSS vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages2 packages
🔴Vulnerability Details
3GHSA▶
GHSA-6xc7-v897-2j4f: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2↗2022-05-13
CVEList▶
CVE-2018-17359: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2↗2018-09-23
OSV▶
CVE-2018-17359: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2↗2018-09-23