CVE-2018-6759
Summary
| CVE | CVE-2018-6759 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-02-06 21:29:00 UTC |
| Updated | 2019-10-31 01:15:00 UTC |
| Description | The bfd_get_debug_link_info_1 function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, has an unchecked strnlen operation. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) via a crafted ELF file. |
Risk And Classification
Problem Types: CWE-20
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Binutils: Multiple vulnerabilities (GLSA 201811-17) — Gentoo security | GENTOO | security.gentoo.org | Third Party Advisory |
| [security-announce] openSUSE-SU-2019:2415-1: moderate: Security update f | SUSE | lists.opensuse.org | |
| Malformed Request | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| [security-announce] openSUSE-SU-2019:2432-1: moderate: Security update f | SUSE | lists.opensuse.org | |
| 22794 – Unchecked strnlen operation in bfd_get_debug_link_info_1 (./src/bfd/opncls.c) | CONFIRM | sourceware.org | Issue Tracking, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 710297 Gentoo Linux Binutils Multiple Vulnerabilities (GLSA 201811-17)