CVE-2018-19932

CWE-190 — Integer Overflow9 documents8 sources

Severity

5.5MEDIUM

EPSS

0.4%

top 38.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Binutils Netapp Vasa Provider

Timeline

PublishedDec 7

Latest updateMay 14

Description

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA macro in elf.c.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶Debianbinutils< 2.32.51.20190707-1+3

▶NVDgnu/binutils2.31

▶NVDnetapp/vasa_provider

Patches

Patch: security.netapp.com ↗Patch: sourceware.org ↗Patch: security.netapp.com ↗

🔴Vulnerability Details

GHSA

GHSA-j9qc-g9xg-h63p: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2↗2022-05-14

▶

OSV

CVE-2018-19932: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2↗2018-12-07

▶

CVEList

CVE-2018-19932: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2↗2018-12-07

▶

📋Vendor Advisories

Ubuntu

GNU binutils vulnerabilities↗2021-07-21

▶

Ubuntu

GNU binutils vulnerabilities↗2020-04-22

▶

Red Hat

binutils: Integer overflow due to the IS_CONTAINED_BY_LMA macro resulting in a denial of service↗2018-11-30

▶

Debian

CVE-2018-19932: binutils - An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd)...↗2018

▶

💬Community

Bugzilla

CVE-2018-19932 binutils: Integer overflow due to the IS_CONTAINED_BY_LMA macro resulting in a denial of service↗2018-12-13

▶