Vulnerability Description
The bfd_get_debug_link_info_1 function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, has an unchecked strnlen operation. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) via a crafted ELF file.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnu | Binutils | 2.30 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html
- http://www.securityfocus.com/bid/103030Third Party AdvisoryVDB Entry
- https://security.gentoo.org/glsa/201811-17Third Party Advisory
- https://sourceware.org/bugzilla/show_bug.cgi?id=22794Issue TrackingThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html
- http://www.securityfocus.com/bid/103030Third Party AdvisoryVDB Entry
- https://security.gentoo.org/glsa/201811-17Third Party Advisory
- https://sourceware.org/bugzilla/show_bug.cgi?id=22794Issue TrackingThird Party Advisory
FAQ
What is CVE-2018-6759?
CVE-2018-6759 is a vulnerability with a CVSS score of 5.5 (MEDIUM). The bfd_get_debug_link_info_1 function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, has an unchecked strnlen operation. Remote attackers c...
How severe is CVE-2018-6759?
CVE-2018-6759 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-6759?
Check the references section above for vendor advisories and patch information. Affected products include: Gnu Binutils.