{"api_version":"1","generated_at":"2026-04-23T10:40:09+00:00","cve":"CVE-2018-6759","urls":{"html":"https://cve.report/CVE-2018-6759","api":"https://cve.report/api/cve/CVE-2018-6759.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-6759","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-6759"},"summary":{"title":"CVE-2018-6759","description":"The bfd_get_debug_link_info_1 function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, has an unchecked strnlen operation. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) via a crafted ELF file.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2018-02-06 21:29:00","updated_at":"2019-10-31 01:15:00"},"problem_types":["CWE-20"],"metrics":[],"references":[{"url":"https://security.gentoo.org/glsa/201811-17","name":"GLSA-201811-17","refsource":"GENTOO","tags":["Third Party Advisory"],"title":"Binutils: Multiple vulnerabilities (GLSA 201811-17) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html","name":"openSUSE-SU-2019:2415","refsource":"SUSE","tags":[],"title":"[security-announce] openSUSE-SU-2019:2415-1: moderate: Security update f","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/103030","name":"103030","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Malformed Request","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html","name":"openSUSE-SU-2019:2432","refsource":"SUSE","tags":[],"title":"[security-announce] openSUSE-SU-2019:2432-1: moderate: Security update f","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=22794","name":"https://sourceware.org/bugzilla/show_bug.cgi?id=22794","refsource":"CONFIRM","tags":["Issue Tracking","Third Party Advisory"],"title":"22794 – Unchecked strnlen operation in bfd_get_debug_link_info_1 (./src/bfd/opncls.c)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-6759","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-6759","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"6759","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"binutils","cpe6":"2.30","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"6759","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"binutils","cpe6":"2.30","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2018-6759","qid":"710297","title":"Gentoo Linux Binutils Multiple Vulnerabilities (GLSA 201811-17)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2018-6759","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The bfd_get_debug_link_info_1 function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, has an unchecked strnlen operation. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) via a crafted ELF file."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"GLSA-201811-17","refsource":"GENTOO","url":"https://security.gentoo.org/glsa/201811-17"},{"name":"https://sourceware.org/bugzilla/show_bug.cgi?id=22794","refsource":"CONFIRM","url":"https://sourceware.org/bugzilla/show_bug.cgi?id=22794"},{"name":"103030","refsource":"BID","url":"http://www.securityfocus.com/bid/103030"},{"refsource":"SUSE","name":"openSUSE-SU-2019:2415","url":"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html"},{"refsource":"SUSE","name":"openSUSE-SU-2019:2432","url":"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html"}]}},"nvd":{"publishedDate":"2018-02-06 21:29:00","lastModifiedDate":"2019-10-31 01:15:00","problem_types":["CWE-20"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":5.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":1.8,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gnu:binutils:2.30:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"6759","Ordinal":"122968","Title":"CVE-2018-6759","CVE":"CVE-2018-6759","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"6759","Ordinal":"1","NoteData":"The bfd_get_debug_link_info_1 function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, has an unchecked strnlen operation. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) via a crafted ELF file.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"6759","Ordinal":"2","NoteData":"2018-02-06","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"6759","Ordinal":"3","NoteData":"2019-11-05","Type":"Other","Title":"Modified"}]}}}