CVE-2018-6759

Source
https://nvd.nist.gov/vuln/detail/CVE-2018-6759
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-6759.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2018-6759
Related
Published
2018-02-06T21:29:00Z
Modified
2024-10-18T00:02:00.849048Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

The bfdgetdebuglinkinfo_1 function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, has an unchecked strnlen operation. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) via a crafted ELF file.

References

Affected packages

Alpine:v3.7 / binutils

Package

Name
binutils
Purl
pkg:apk/alpine/binutils?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.30-r2

Affected versions

2.*

2.20.51.0.4-r1
2.20.51.0.12-r0
2.21-r0
2.21.1-r0
2.22-r0
2.22-r1
2.23-r0
2.23.1-r0
2.23.2-r0
2.23.2-r1
2.23.2-r2
2.23.2-r3
2.23.2-r4
2.23.2-r5
2.24-r0
2.24-r1
2.24-r2
2.24-r3
2.24-r4
2.24-r5
2.25-r0
2.25-r1
2.25-r2
2.25-r3
2.25.1-r0
2.26-r0
2.26.1-r0
2.27-r0
2.27-r1
2.28-r0
2.28-r1
2.28-r2
2.28-r3
2.30-r0
2.30-r1

Alpine:v3.8 / binutils

Package

Name
binutils
Purl
pkg:apk/alpine/binutils?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.30-r6

Affected versions

2.*

2.20.51.0.4-r1
2.20.51.0.12-r0
2.21-r0
2.21.1-r0
2.22-r0
2.22-r1
2.23-r0
2.23.1-r0
2.23.2-r0
2.23.2-r1
2.23.2-r2
2.23.2-r3
2.23.2-r4
2.23.2-r5
2.24-r0
2.24-r1
2.24-r2
2.24-r3
2.24-r4
2.24-r5
2.25-r0
2.25-r1
2.25-r2
2.25-r3
2.25.1-r0
2.26-r0
2.26.1-r0
2.27-r0
2.27-r1
2.28-r0
2.28-r1
2.28-r2
2.28-r3
2.30-r0
2.30-r1
2.30-r2
2.30-r3
2.30-r4
2.30-r5

Debian:11 / binutils

Package

Name
binutils
Purl
pkg:deb/debian/binutils?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.30-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / binutils

Package

Name
binutils
Purl
pkg:deb/debian/binutils?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.30-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / binutils

Package

Name
binutils
Purl
pkg:deb/debian/binutils?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.30-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / sourceware.org/git/binutils-gdb.git

Affected ranges

Type
GIT
Repo
https://sourceware.org/git/binutils-gdb.git
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
8db5daf9efe8a6174d3b10ac7bba8c178836e9ce

Affected versions

Other

binu_ss_19990502
binutils-2_30
gdb-4_18-branchpoint
gdb_5_2-branchpoint
gdb_5_3-branchpoint
gdb_6_0-branchpoint
gdb_6_1-branchpoint
gdb_6_2-branchpoint
gdb_6_3-branchpoint
gdb_6_4-branchpoint
gdb_6_5-branchpoint
gdb_6_6-branchpoint
gdb_6_7-branchpoint
gdb_6_8-branchpoint
gdb_7_0-branchpoint
gdb_7_1-branchpoint
gdb_7_2-branchpoint
gdb_7_3-branchpoint
gdb_7_4-branchpoint
gdb_7_5-branchpoint
gdb_7_6-branchpoint
readline_4_0
users/ARM/embedded-binutils-master-2016q4
users/ARM/embedded-binutils-master-2017q4
users/ARM/embedded-gdb-master-2017q4

gdb-7.*

gdb-7.10-branchpoint
gdb-7.11-branchpoint
gdb-7.12-branchpoint
gdb-7.7-branchpoint
gdb-7.8-branchpoint
gdb-7.9-branchpoint

gdb-8.*

gdb-8.0-branchpoint
gdb-8.1-branchpoint