CVE-2018-20623 — Use After Free in Binutils

CWE-416 — Use After Free12 documents8 sources

Severity

5.5MEDIUMNVD

EPSS

0.3%

top 44.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Binutils

Timeline

PublishedDec 31

Latest updateMay 13

Description

In GNU Binutils 2.31.1, there is a use-after-free in the error function in elfcomm.c when called from the process_archive function in readelf.c via a crafted ELF file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶Debiangnu/binutils< 2.32.51.20190707-1+3

▶NVDgnu/binutils2.31.1

🔴Vulnerability Details

GHSA

GHSA-m2v7-7635-wpj6: In GNU Binutils 2↗2022-05-13

▶

CVEList

CVE-2018-20623: In GNU Binutils 2↗2018-12-31

▶

OSV

CVE-2018-20623: In GNU Binutils 2↗2018-12-31

▶

📋Vendor Advisories

Ubuntu

GNU binutils vulnerabilities↗2021-07-21

▶

Ubuntu

GNU binutils vulnerabilities↗2020-04-22

▶

Red Hat

binutils: Use-after-free in the error function↗2018-12-31

▶

Debian

CVE-2018-20623: binutils - In GNU Binutils 2.31.1, there is a use-after-free in the error function in elfco...↗2018

▶

💬Community

Bugzilla

CVE-2018-1000876 CVE-2018-20623 CVE-2018-20651 CVE-2018-20657 CVE-2018-20671 CVE-2018-20673 binutils: various flaws [fedora-all]↗2019-01-09

▶

Bugzilla

CVE-2018-1000876 CVE-2018-20623 CVE-2018-20651 CVE-2018-20657 CVE-2018-20671 CVE-2018-20673 mingw-binutils: various flaws [epel-all]↗2019-01-09

▶

Bugzilla

CVE-2018-20623 binutils: Use-after-free in the error function↗2019-01-09

▶

Bugzilla

CVE-2018-1000876 CVE-2018-20623 CVE-2018-20651 CVE-2018-20657 CVE-2018-20671 CVE-2018-20673 mingw-binutils: various flaws [fedora-all]↗2019-01-09

▶