Alpine: binutils: security update to 2.30-r6

High | Tenable Cloud Security Plugin ID 403680

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- The display_debug_ranges function in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a
denial of service (integer overflow and application crash) or possibly have unspecified other impact via a
crafted ELF file, as demonstrated by objdump. (CVE-2018-7643)

- In GNU Binutils 2.30, there's an integer overflow in the function load_specific_debug_section() in
objdump.c, which results in `malloc()` with 0 size. A crafted ELF file allows remote attackers to cause a
denial of service (application crash) or possibly have unspecified other impact. (CVE-2018-6543)

- The bfd_get_debug_link_info_1 function in opncls.c in the Binary File Descriptor (BFD) library (aka
libbfd), as distributed in GNU Binutils 2.30, has an unchecked strnlen operation. Remote attackers could
leverage this vulnerability to cause a denial of service (segmentation fault) via a crafted ELF file.
(CVE-2018-6759)

- The elf_parse_notes function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as
distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (out-of-bounds read
and segmentation violation) via a note with a large alignment. (CVE-2018-6872)

- In the coff_pointerize_aux function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd),
as distributed in GNU Binutils 2.30, an index is not validated, which allows remote attackers to cause a
denial of service (segmentation fault) or possibly have unspecified other impact via a crafted file, as
demonstrated by objcopy of a COFF object. (CVE-2018-7208)

See Also

https://security.alpinelinux.org/vuln/CVE-2018-6543

https://security.alpinelinux.org/vuln/CVE-2018-6759

https://security.alpinelinux.org/vuln/CVE-2018-6872

https://security.alpinelinux.org/vuln/CVE-2018-7208

https://security.alpinelinux.org/vuln/CVE-2018-7568

https://security.alpinelinux.org/vuln/CVE-2018-7569

https://security.alpinelinux.org/vuln/CVE-2018-7570

https://security.alpinelinux.org/vuln/CVE-2018-7642

https://security.alpinelinux.org/vuln/CVE-2018-7643

https://security.alpinelinux.org/vuln/CVE-2018-8945

Plugin Details

Severity: High

ID: 403680

Version: Revision 1.24

Type: Local

Published: 10/31/2023

Updated: 3/12/2025

Supported Sensors: Agentless Assessment

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2018-7643

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2/2/2018

Reference Information

CVE: CVE-2018-6543, CVE-2018-6759, CVE-2018-6872, CVE-2018-7208, CVE-2018-7568, CVE-2018-7569, CVE-2018-7570, CVE-2018-7642, CVE-2018-7643, CVE-2018-8945

BID: 102985, 103030, 103103, 103077, 103264