GNU Binutils CVE-2018-12699 Heap Based Buffer Overflow Vulnerability

Bugtraq ID:	104540
Class:	Boundary Condition Error
CVE:	CVE-2018-12699
Remote:	Yes
Local:	No
Published:	Jun 23 2018 12:00AM
Updated:	Jun 23 2018 12:00AM
Credit:	Sergej Schumilo, Cornelius Aschermann, Ruhr-Universität Bochum
Vulnerable:	GNU Binutils 2.30
Not Vulnerable:

GNU Binutils CVE-2018-12699 Heap Based Buffer Overflow Vulnerability

GNU Binutils is prone to a heap-based buffer-overflow vulnerability.

Attackers can exploit this issue to cause denial-of-service condition, denying service to legitimate users. Given the nature of this issue, attackers may also be able to execute arbitrary code, but this has not been confirmed.

GNU Binutils 2.30 is vulnerable; other versions may also be affected.

GNU Binutils CVE-2018-12699 Heap Based Buffer Overflow Vulnerability

The researcher who discovered this issue has created a proof-of-concept. Please see the references for more information.

GNU Binutils CVE-2018-12699 Heap Based Buffer Overflow Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]

GNU Binutils CVE-2018-12699 Heap Based Buffer Overflow Vulnerability

References:

• GCC Home Page (GNU)
  
• Bug 23057 - Multiple memory corruptions in objdump (binuitils-2.30-15ubuntu1) (Sourceware)
  
• Bug 85454 - Multiple memory corruptions in objdump / C++ name demangler (GNU)