cbcvebase.
CVE-2018-20002
published 2018-12-10

CVE-2018-20002: The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a…

medium5.5CVSS 3.0
AVLACLPRNUIRSUCNINAH
The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm.

Affected

9 ranges
VendorProductVersion rangeFixed in
debianbinutils< binutils 2.32.51.20190707-1 (bookworm)binutils 2.32.51.20190707-1 (bookworm)
f5traffix_signaling_delivery_controller
f5traffix_signaling_delivery_controller5.0.0 – 5.1.0
gnubinutils
gnubinutils>= 0 < 2.32.51.20190707-12.32.51.20190707-1
gnubinutils>= 0 < 2.32.51.20190707-12.32.51.20190707-1
gnubinutils>= 0 < 2.32.51.20190707-12.32.51.20190707-1
gnubinutils>= 0 < 2.32.51.20190707-12.32.51.20190707-1
netappvasa_provider>= 7.2

CVSS provenance

nvdv3.05.5MEDIUMCVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
osv5.5MEDIUM