CVE-2018-6759Improper Input Validation in Binutils

CWE-20Improper Input Validation10 documents8 sources
Severity
5.5MEDIUMNVD
EPSS
0.2%
top 60.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
GNU Binutils
Timeline
PublishedFeb 6
Latest updateMay 13

Description

The bfd_get_debug_link_info_1 function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, has an unchecked strnlen operation. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) via a crafted ELF file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

Debiangnu/binutils< 2.30-3+3
NVDgnu/binutils2.30

🔴Vulnerability Details

3
GHSA
GHSA-h3f9-f778-x29x: The bfd_get_debug_link_info_1 function in opncls2022-05-13
OSV
CVE-2018-6759: The bfd_get_debug_link_info_1 function in opncls2018-02-06
CVEList
CVE-2018-6759: The bfd_get_debug_link_info_1 function in opncls2018-02-06

📋Vendor Advisories

3
Ubuntu
GNU binutils vulnerabilities2021-07-21
Red Hat
binutils: Unchecked strnlen in opncls.c:bfd_get_debug_link_info_1() can allow lead to denial of service2018-02-06
Debian
CVE-2018-6759: binutils - The bfd_get_debug_link_info_1 function in opncls.c in the Binary File Descriptor...2018

💬Community

3
Bugzilla
CVE-2018-6759 binutils: Unchecked strnlen in opncls.c:bfd_get_debug_link_info_1() can allow lead to denial of service [fedora-all]2018-02-08
Bugzilla
CVE-2018-6759 binutils: Unchecked strnlen in opncls.c:bfd_get_debug_link_info_1() can allow lead to denial of service2018-02-08
Bugzilla
CVE-2018-6759 mingw-binutils: binutils: Unchecked strnlen in opncls.c:bfd_get_debug_link_info_1() can allow lead to denial of service [epel-all]2018-02-08
CVE-2018-6759 — Improper Input Validation in Binutils | cvebase