{"api_version":"1","generated_at":"2026-04-22T22:48:05+00:00","cve":"CVE-2018-19932","urls":{"html":"https://cve.report/CVE-2018-19932","api":"https://cve.report/api/cve/CVE-2018-19932.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-19932","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-19932"},"summary":{"title":"CVE-2018-19932","description":"An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA macro in elf.c.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2018-12-07 07:29:00","updated_at":"2023-11-07 02:55:00"},"problem_types":["CWE-190"],"metrics":[],"references":[{"url":"http://www.securityfocus.com/bid/106144","name":"106144","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"GNU Binutils Integer Overflow and Heap Based Buffer Overflow Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://security.gentoo.org/glsa/201908-01","name":"GLSA-201908-01","refsource":"GENTOO","tags":[],"title":"Binutils: Multiple vulnerabilities (GLSA 201908-01) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.netapp.com/advisory/ntap-20190221-0004/","name":"https://security.netapp.com/advisory/ntap-20190221-0004/","refsource":"CONFIRM","tags":["Patch","Third Party Advisory"],"title":"December 2018 GNU Binutils Vulnerabilities in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://usn.ubuntu.com/4336-1/","name":"USN-4336-1","refsource":"UBUNTU","tags":[],"title":"USN-4336-1: GNU binutils vulnerabilities | Ubuntu security notices","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html","name":"openSUSE-SU-2019:2415","refsource":"SUSE","tags":[],"title":"[security-announce] openSUSE-SU-2019:2415-1: moderate: Security update f","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=beab453223769279cc1cef68a1622ab8978641f7","name":"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=beab453223769279cc1cef68a1622ab8978641f7","refsource":"","tags":[],"title":"sourceware.org Git - binutils-gdb.git/commit","mime":"text/xml","httpstatus":"404","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html","name":"openSUSE-SU-2019:2432","refsource":"SUSE","tags":[],"title":"[security-announce] openSUSE-SU-2019:2432-1: moderate: Security update f","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=beab453223769279cc1cef68a1622ab8978641f7","name":"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=beab453223769279cc1cef68a1622ab8978641f7","refsource":"MISC","tags":["Patch"],"title":"sourceware.org Git - binutils-gdb.git/commit","mime":"text/xml","httpstatus":"200","archivestatus":"200"},{"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=23932","name":"https://sourceware.org/bugzilla/show_bug.cgi?id=23932","refsource":"MISC","tags":["Exploit","Issue Tracking","Patch"],"title":"23932 – integer overflow causes an endless loop","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-19932","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-19932","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"19932","vulnerable":"1","versionEndIncluding":"2.31","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"binutils","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"19932","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"cluster_data_ontap","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"19932","vulnerable":"0","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"cluster_data_ontap","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"19932","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"vasa_provider","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"19932","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"vasa_provider","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2018-19932","qid":"500066","title":"Alpine Linux Security Update for binutils"},{"cve":"CVE-2018-19932","qid":"501178","title":"Alpine Linux Security Update for binutils-avr"},{"cve":"CVE-2018-19932","qid":"503745","title":"Alpine Linux Security Update for binutils"},{"cve":"CVE-2018-19932","qid":"710158","title":"Gentoo Linux Binutils Multiple vulnerabilities (GLSA 201908-01)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2018-19932","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA macro in elf.c."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"https://security.netapp.com/advisory/ntap-20190221-0004/","refsource":"CONFIRM","url":"https://security.netapp.com/advisory/ntap-20190221-0004/"},{"name":"106144","refsource":"BID","url":"http://www.securityfocus.com/bid/106144"},{"name":"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=beab453223769279cc1cef68a1622ab8978641f7","refsource":"MISC","url":"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=beab453223769279cc1cef68a1622ab8978641f7"},{"name":"https://sourceware.org/bugzilla/show_bug.cgi?id=23932","refsource":"MISC","url":"https://sourceware.org/bugzilla/show_bug.cgi?id=23932"},{"refsource":"GENTOO","name":"GLSA-201908-01","url":"https://security.gentoo.org/glsa/201908-01"},{"refsource":"SUSE","name":"openSUSE-SU-2019:2415","url":"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html"},{"refsource":"SUSE","name":"openSUSE-SU-2019:2432","url":"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html"},{"refsource":"UBUNTU","name":"USN-4336-1","url":"https://usn.ubuntu.com/4336-1/"}]}},"nvd":{"publishedDate":"2018-12-07 07:29:00","lastModifiedDate":"2023-11-07 02:55:00","problem_types":["CWE-190"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":5.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":1.8,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gnu:binutils:*:*:*:*:*:*:*:*","versionEndIncluding":"2.31","cpe_name":[]}]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:netapp:vasa_provider:*:*:*:*:*:*:*:*","versionStartIncluding":"7.2","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:netapp:cluster_data_ontap:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"19932","Ordinal":"138780","Title":"CVE-2018-19932","CVE":"CVE-2018-19932","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"19932","Ordinal":"1","NoteData":"An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA macro in elf.c.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"19932","Ordinal":"2","NoteData":"2018-12-07","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"19932","Ordinal":"3","NoteData":"2020-04-28","Type":"Other","Title":"Modified"}]}}}