binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. This attack appear to be exploitable via Local. This vulnerability appears to have been fixed in after commit 3a551c7a1b80fca579461774860574eabfd7f18f.
References
Link | Resource |
---|---|
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html | Broken Link |
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html | Broken Link |
http://www.securityfocus.com/bid/106304 | Broken Link |
https://access.redhat.com/errata/RHSA-2019:2075 | Third Party Advisory |
https://sourceware.org/bugzilla/show_bug.cgi?id=23994 | Exploit Issue Tracking Third Party Advisory |
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=3a551c7a1b80fca579461774860574eabfd7f18f | |
https://usn.ubuntu.com/4336-1/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
07 Nov 2023, 02:51
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
28 Feb 2023, 20:43
Type | Values Removed | Values Added |
---|---|---|
References | (UBUNTU) https://usn.ubuntu.com/4336-1/ - Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html - Broken Link | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2019:2075 - Third Party Advisory | |
References | (BID) http://www.securityfocus.com/bid/106304 - Broken Link | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html - Broken Link | |
First Time |
Redhat enterprise Linux Desktop
Redhat Redhat enterprise Linux Server Canonical Canonical ubuntu Linux Redhat enterprise Linux Workstation |
|
CPE | cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* |
Information
Published : 2018-12-20 17:29
Updated : 2023-12-10 12:44
NVD link : CVE-2018-1000876
Mitre link : CVE-2018-1000876
CVE.ORG link : CVE-2018-1000876
JSON object : View
Products Affected
redhat
- enterprise_linux_desktop
- enterprise_linux_workstation
- enterprise_linux_server
gnu
- binutils
canonical
- ubuntu_linux