QID 671091
Date Published: 2021-11-29
QID 671091: EulerOS Security Update for binutils (EulerOS-SA-2019-2099)
Binutils is a collection of binary utilities, including ar (for creating, modifying and extracting from archives), as (a family of GNU assemblers), gprof (for displaying call graph profile data), ld (the GNU linker), nm (for listing symbols from object files), objcopy (for copying and translating object files), objdump (for displaying information from object files), ranlib (for generating an index for the contents of an archive), readelf (for displaying detailed information about binary files), size (for listing the section sizes of an object or archive file), strings (for listing printable strings from files), strip (for discarding symbols), and addr2line (for converting addresses to file and line).
Security fix(es):
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory address dereference was discovered in read_reloc in reloc.c. The vulnerability causes a segmentation fault and application crash, which leads to denial of service, as demonstrated by objdump, because of missing _bfd_clear_contents bounds checking. (CVE-2018-18309)
A heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, because _bfd_add_merge_section mishandles section merges when size is not a multiple of entsize. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld. (CVE-2018-18605)
An issue was discovered in elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
An arbitrary attacker may exploit this vulnerability to compromise the system.
CVEs related to QID 671091
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| EulerOS-SA-2019-2099 | EulerOS V2.0SP8 | | |