CVE-2018-17360 — Out-of-bounds Read in Binutils
Severity
5.5MEDIUMNVD
EPSS
0.4%
top 36.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedSep 23
Latest updateMay 13
Description
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. a heap-based buffer over-read in bfd_getl32 in libbfd.c allows an attacker to cause a denial of service through a crafted PE file. This vulnerability can be triggered by the executable objdump.
CVSS vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages2 packages
Patches
🔴Vulnerability Details
3GHSA▶
GHSA-r424-xhv9-jprm: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2↗2022-05-13
OSV▶
CVE-2018-17360: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2↗2018-09-23
CVEList▶
CVE-2018-17360: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2↗2018-09-23
📋Vendor Advisories
4💬Community
4Bugzilla▶
CVE-2018-17360 mingw-binutils: binutils: heap-based buffer over-read in bfd_getl32 in libbfd.c [fedora-all]↗2018-09-25
Bugzilla▶
CVE-2018-17360 binutils: heap-based buffer over-read in bfd_getl32 in libbfd.c [fedora-all]↗2018-09-25
Bugzilla▶
CVE-2018-17360 mingw-binutils: binutils: heap-based buffer over-read in bfd_getl32 in libbfd.c [epel-all]↗2018-09-25