CVE-2018-18309 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Binutils
CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer12 documents8 sources
Severity
5.5MEDIUMNVD
EPSS
0.2%
top 61.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedOct 15
Latest updateMay 13
Description
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory address dereference was discovered in read_reloc in reloc.c. The vulnerability causes a segmentation fault and application crash, which leads to denial of service, as demonstrated by objdump, because of missing _bfd_clear_contents bounds checking.
CVSS vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages2 packages
Patches
🔴Vulnerability Details
3GHSA▶
GHSA-cqf4-rwmp-9g9j: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2↗2022-05-13
CVEList▶
CVE-2018-18309: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2↗2018-10-15
OSV▶
CVE-2018-18309: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2↗2018-10-15
📋Vendor Advisories
4Debian▶
CVE-2018-18309: binutils - An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd)...↗2018
💬Community
4Bugzilla▶
CVE-2018-18309 mingw-binutils: binutils: invalid memory address dereference in read_reloc in reloc.c [fedora-all]↗2018-10-16
Bugzilla
▶
Bugzilla▶
CVE-2018-18309 mingw-binutils: binutils: invalid memory address dereference in read_reloc in reloc.c [epel-all]↗2018-10-16
Bugzilla▶
CVE-2018-18309 binutils: invalid memory address dereference in read_reloc in reloc.c [fedora-all]↗2018-10-16