CVE-2018-6759

The bfd_get_debug_link_info_1 function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, has an unchecked strnlen operation. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) via a crafted ELF file.

CVSS v3 5.5 MEDIUM
CVSS v2.0 4.3 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector : AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html
http://www.securityfocus.com/bid/103030	Third Party Advisory VDB Entry
https://security.gentoo.org/glsa/201811-17	Third Party Advisory
https://sourceware.org/bugzilla/show_bug.cgi?id=22794	Issue Tracking Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:gnu:binutils:2.30:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-02-06 21:29

Updated : 2023-12-10 12:30

NVD link : CVE-2018-6759

Mitre link : CVE-2018-6759

CVE.ORG link : CVE-2018-6759

JSON object : View

Products Affected

gnu

binutils

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2018-6759", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2018-02-06T21:29:00.520", "references": [{"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", "source": "cve@mitre.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/103030", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://security.gentoo.org/glsa/201811-17", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22794", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "The bfd_get_debug_link_info_1 function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, has an unchecked strnlen operation. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) via a crafted ELF file."}, {"lang": "es", "value": "La funci\u00f3n bfd_get_debug_link_info_1 en opncls.c en la biblioteca Binary File Descriptor (BFD), tambi\u00e9n conocida como libbfd, tal y como se distribuye en GNU Binutils 2.29.2,30, tiene una operaci\u00f3n strnlen sin verificar. Los atacantes remotos pueden aprovechar esta vulnerabilidad para provocar una denegaci\u00f3n de servicio (fallo de segmentaci\u00f3n) mediante un archivo ELF manipulado."}], "lastModified": "2019-10-31T01:15:15.593", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gnu:binutils:2.30:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A3A002B-702A-4599-96AF-1295A7B4F5BA"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}