CVE-2018-13033

medium

Description

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file, as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc in libbfd.c. This can occur during execution of nm.

References

http://www.securityfocus.com/bid/104584

https://access.redhat.com/errata/RHBA-2019:0327

https://access.redhat.com/errata/RHSA-2018:3032

https://security.gentoo.org/glsa/201908-01

https://sourceware.org/bugzilla/show_bug.cgi?id=23361

Details

Source: MITRE

Published: 2018-07-01

Updated: 2019-10-03

Type: CWE-770

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 1.8

Severity: MEDIUM

Tenable Plugins


ID | Name | Product | Family | Severity
151919 | Ubuntu 16.04 LTS : GNU binutils vulnerabilities (USN-4336-2) | Nessus | Ubuntu Local Security Checks | critical
135966 | Ubuntu 18.04 LTS : GNU binutils vulnerabilities (USN-4336-1) | Nessus | Ubuntu Local Security Checks | critical
127559 | GLSA-201908-01 : Binutils: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical
127252 | NewStart CGSL CORE 5.04 / MAIN 5.04 : binutils Multiple Vulnerabilities (NS-SA-2019-0060) | Nessus | NewStart CGSL Local Security Checks | high
121047 | Amazon Linux 2 : binutils (ALAS-2019-1138) | Nessus | Amazon Linux Local Security Checks | high
119179 | Scientific Linux Security Update : binutils on SL7.x x86_64 (20181030) | Nessus | Scientific Linux Local Security Checks | high
118983 | CentOS 7 : binutils (CESA-2018:3032) | Nessus | CentOS Local Security Checks | high
118762 | Oracle Linux 7 : binutils (ELSA-2018-3032) | Nessus | Oracle Linux Local Security Checks | high
118514 | RHEL 7 : binutils (RHSA-2018:3032) | Nessus | Red Hat Local Security Checks | high