CVE-2018-20002

CWE-772CWE-400Uncontrolled Resource Consumption12 documents8 sources
Severity
5.5MEDIUM
EPSS
0.3%
top 44.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
F5 Traffix Signaling Delivery ControllerGNU BinutilsNetapp Vasa Provider
Timeline
PublishedDec 10
Latest updateMay 13

Description

The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

Debianbinutils< 2.32.51.20190707-1+3
NVDgnu/binutils2.31

Patches

Patch: security.netapp.comPatch: security.netapp.com

🔴Vulnerability Details

3
GHSA
GHSA-hrvr-8x4g-x94c: The _bfd_generic_read_minisymbols function in syms2022-05-13
OSV
CVE-2018-20002: The _bfd_generic_read_minisymbols function in syms2018-12-10
CVEList
CVE-2018-20002: The _bfd_generic_read_minisymbols function in syms2018-12-10

📋Vendor Advisories

4
Ubuntu
GNU binutils vulnerabilities2021-07-21
Ubuntu
GNU binutils vulnerabilities2020-04-22
Red Hat
binutils: memory leak in _bfd_generic_read_minisymbols function in syms.c2018-12-07
Debian
CVE-2018-20002: binutils - The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descript...2018

💬Community

4
Bugzilla
CVE-2018-20002 binutils: memory leak in _bfd_generic_read_minisymbols function in syms.c2018-12-21
Bugzilla
CVE-2018-20002 mingw-binutils: binutils: memory leak in _bfd_generic_read_minisymbols function in syms.c [epel-all]2018-12-21
Bugzilla
CVE-2018-20002 binutils: memory leak in _bfd_generic_read_minisymbols function in syms.c [fedora-all]2018-12-21
Bugzilla
CVE-2018-20002 mingw-binutils: binutils: memory leak in _bfd_generic_read_minisymbols function in syms.c [fedora-all]2018-12-21
CVE-2018-20002 (MEDIUM CVSS 5.5) | The _bfd_generic_read_minisymbols f | cvebase.io