PT-2018-2386 · Gnu+2 · Gnu Binutils+2

Jayzhang

Publicado

2018-02-09

Atualizado

2024-06-15

CVE-2018-6872

CVSS v3.1

5.5

Média

Vetor

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions GNU Binutils version 2.30

Description The issue is related to the elf parse notes function in the elf.c file of GNU Binutils, which is associated with out-of-bounds data access errors. This can be exploited by a remote attacker using an ELF file with a NOTES segment that has a large alignment value, potentially causing a denial of service due to out-of-bounds read and segmentation violation.

Recommendations For GNU Binutils version 2.30, consider disabling the elf parse notes function as a temporary workaround until a patch is available. Restrict access to ELF files with potentially malicious NOTES segments to minimize the risk of exploitation.

Exploit

Correção

DoS

Out of bounds Read

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-125

Identificadores relacionados

ALT-PU-2019-1204

ALT-PU-2019-1367

BDU:2019-00575

CVE-2018-6872

MGASA-2019-0169

OPENSUSE-SU-2018_3223-1

OPENSUSE-SU-2018_3323-1

OPENSUSE-SU-2019:2415-1

OPENSUSE-SU-2019:2432-1

OPENSUSE-SU-2019_2415-1

OPENSUSE-SU-2019_2432-1

OPENSUSE-SU-2024:10651-1

SUSE-SU-2018:3170-1

SUSE-SU-2018:3207-1

SUSE-SU-2018:3207-2

SUSE-SU-2019:2779-1

SUSE-SU-2019:2780-1

Produtos afetados

Alt Linux

Gnu Binutils

Suse

PT-2018-2386 · Gnu+2 · Gnu Binutils+2

CVE-2018-6872

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 445