CVE-2018-10535

Name of the Vulnerable Software and Affected Versions GNU Binutils version 2.30

Description The issue is related to the ignore section sym function in the elf.c file of the Binary File Descriptor (BFD) library, which is part of GNU Binutils. This function does not validate the output section pointer in the case of a symtab entry with a "SECTION" type that has a "0" value. As a result, remote attackers can cause a denial of service, leading to a NULL pointer dereference and application crash, by providing a crafted file. For example, this can be demonstrated using objcopy.

Recommendations For GNU Binutils version 2.30, consider updating to a newer version that includes a fix for this issue, as the current version allows for a denial of service attack via a crafted file. At the moment, there is no information about a newer version that contains a fix for this vulnerability.