CVE-2018-20671Integer Overflow or Wraparound in Binutils

CWE-190Integer Overflow or WraparoundCWE-787Out-of-bounds Write14 documents8 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 70.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
GNU Binutils
Timeline
PublishedJan 4
Latest updateOct 4

Description

load_specific_debug_section in objdump.c in GNU Binutils through 2.31.1 contains an integer overflow vulnerability that can trigger a heap-based buffer overflow via a crafted section size.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

Debiangnu/binutils< 2.32.51.20190707-1+3
NVDgnu/binutils2.31.1

🔴Vulnerability Details

4
OSV
binutils vulnerabilities2023-10-04
GHSA
GHSA-crr7-7j5m-9cvf: load_specific_debug_section in objdump2022-05-13
CVEList
CVE-2018-20671: load_specific_debug_section in objdump2019-01-04
OSV
CVE-2018-20671: load_specific_debug_section in objdump2019-01-04

📋Vendor Advisories

5
Ubuntu
GNU binutils vulnerabilities2023-10-04
Ubuntu
GNU binutils vulnerabilities2021-07-21
Ubuntu
GNU binutils vulnerabilities2020-04-22
Red Hat
binutils: Integer overflow in load_specific_debug_section function2018-12-19
Debian
CVE-2018-20671: binutils - load_specific_debug_section in objdump.c in GNU Binutils through 2.31.1 contains...2018

💬Community

4
Bugzilla
CVE-2018-20671 binutils: Integer overflow in load_specific_debug_section function2019-01-09
Bugzilla
CVE-2018-1000876 CVE-2018-20623 CVE-2018-20651 CVE-2018-20657 CVE-2018-20671 CVE-2018-20673 binutils: various flaws [fedora-all]2019-01-09
Bugzilla
CVE-2018-1000876 CVE-2018-20623 CVE-2018-20651 CVE-2018-20657 CVE-2018-20671 CVE-2018-20673 mingw-binutils: various flaws [epel-all]2019-01-09
Bugzilla
CVE-2018-1000876 CVE-2018-20623 CVE-2018-20651 CVE-2018-20657 CVE-2018-20671 CVE-2018-20673 mingw-binutils: various flaws [fedora-all]2019-01-09
CVE-2018-20671 — Integer Overflow or Wraparound | cvebase