CVE-2018-6759
MEDIUMGNU Binutils - Denial of Service via Crafted ELF File
Title source: llmDescription
The bfd_get_debug_link_info_1 function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, has an unchecked strnlen operation. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) via a crafted ELF file.
References (5)
Core 5
Core References
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201811-17
Issue Tracking, Third Party Advisory x_refsource_confirm
https://sourceware.org/bugzilla/show_bug.cgi?id=22794
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/103030
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html
Scores
CVSS v3
5.5
EPSS
0.0018
EPSS Percentile
39.3%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Details
CWE
CWE-20
Status
published
Products (1)
gnu/binutils
2.30
Published
Feb 06, 2018
Tracked Since
Feb 18, 2026