CVE-2018-6759

MEDIUM

Description

The bfd_get_debug_link_info_1 function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, has an unchecked strnlen operation. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) via a crafted ELF file.

References

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html

http://www.securityfocus.com/bid/103030

https://security.gentoo.org/glsa/201811-17

https://sourceware.org/bugzilla/show_bug.cgi?id=22794

Details

Source: MITRE

Published: 2018-02-06

Updated: 2019-10-31

Type: CWE-20

Risk Information

CVSS v2.0

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3.0

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 1.8

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:gnu:binutils:2.30:*:*:*:*:*:*:*

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 132275 | EulerOS 2.0 SP3 : binutils (EulerOS-SA-2019-2558) | Nessus | Huawei Local Security Checks | high |
| 131604 | EulerOS 2.0 SP2 : binutils (EulerOS-SA-2019-2450) | Nessus | Huawei Local Security Checks | high |
| 130576 | openSUSE Security Update : binutils (openSUSE-2019-2432) | Nessus | SuSE Local Security Checks | medium |
| 130420 | openSUSE Security Update : binutils (openSUSE-2019-2415) | Nessus | SuSE Local Security Checks | medium |
| 130340 | SUSE SLED15 / SLES15 Security Update : binutils (SUSE-SU-2019:2780-1) | Nessus | SuSE Local Security Checks | medium |
| 130257 | SUSE SLED15 / SLES15 Security Update : binutils (SUSE-SU-2019:2779-1) | Nessus | SuSE Local Security Checks | medium |
| 123342 | openSUSE Security Update : binutils (openSUSE-2019-808) | Nessus | SuSE Local Security Checks | medium |
| 121960 | Photon OS 2.0: Binutils PHSA-2018-2.0-0064 | Nessus | PhotonOS Local Security Checks | high |
| 121852 | Photon OS 1.0: Binutils PHSA-2018-1.0-0154 | Nessus | PhotonOS Local Security Checks | high |
| 120133 | SUSE SLED15 / SLES15 Security Update : binutils (SUSE-SU-2018:3170-2) | Nessus | SuSE Local Security Checks | medium |
| 120132 | SUSE SLED15 / SLES15 Security Update : binutils (SUSE-SU-2018:3170-1) | Nessus | SuSE Local Security Checks | medium |
| 119162 | GLSA-201811-17 : Binutils: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | medium |
| 118337 | openSUSE Security Update : binutils (openSUSE-2018-1222) | Nessus | SuSE Local Security Checks | medium |
| 118303 | SUSE SLES12 Security Update : binutils (SUSE-SU-2018:3207-2) | Nessus | SuSE Local Security Checks | high |
| 118220 | openSUSE Security Update : binutils (openSUSE-2018-1198) | Nessus | SuSE Local Security Checks | high |
| 118199 | SUSE SLED12 / SLES12 Security Update : binutils (SUSE-SU-2018:3207-1) | Nessus | SuSE Local Security Checks | high |
| 111951 | Photon OS 2.0: Binutils / Glibc PHSA-2018-2.0-0064 (deprecated) | Nessus | PhotonOS Local Security Checks | high |
| 111938 | Photon OS 1.0: Apache / Binutils PHSA-2018-1.0-0154 (deprecated) | Nessus | PhotonOS Local Security Checks | high |