PT-2018-3956 · Gnu+4 · Gnu Binutils+4
Rookie
Published: 2018-07-01 · Updated: 2021-07-21
CVE-2018-13033
CVSS v2.0: 7.8 (High)
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
GNU Binutils version 2.30
Description
The issue is in the _bfd_elf_parse_attributes function in the elf-attrs.c component of GNU Binutils and involves unlimited memory allocation. A remote attacker can exploit it with a specially crafted ELF file, causing a denial of service (excessive memory allocation and application crash). The vulnerability can be triggered during the execution of nm, for example, via the _bfd_elf_parse_attributes function in elf-attrs.c and the bfd_malloc function in libbfd.c.
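The weakness class described above (an allocation sized by a field the input file controls), as an added illustration that is not GNU Binutils code and not the upstream fix: a loader that checks a declared section size against the bytes actually present before allocating. The sec_desc structure, the load_section function and the 64-byte sample file are hypothetical and constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical, simplified section descriptor; not BFD's real structure. */
struct sec_desc {
    uint64_t offset; /* start of the section contents within the file */
    uint64_t size;   /* declared size, fully controlled by the file's author */
};

enum load_status { LOAD_OK, LOAD_OUT_OF_FILE, LOAD_NO_MEMORY };

/* Copy a section into a fresh NUL-terminated buffer, but only after proving
   that the declared range lies inside the bytes that actually exist.
   An unbounded parser would call malloc(size + 1) straight away. */
enum load_status load_section(const unsigned char *file, size_t file_len,
                              const struct sec_desc *s, unsigned char **out)
{
    *out = NULL;
    /* Two comparisons, so that offset + size can never wrap around. */
    if (s->offset > file_len || s->size > file_len - s->offset)
        return LOAD_OUT_OF_FILE;

    unsigned char *buf = malloc((size_t)s->size + 1);
    if (buf == NULL)
        return LOAD_NO_MEMORY;
    memcpy(buf, file + s->offset, (size_t)s->size);
    buf[s->size] = '\0';
    *out = buf;
    return LOAD_OK;
}

int main(void)
{
    unsigned char file[64]; /* constructed stand-in for a small object file */
    memset(file, 'A', sizeof file);

    struct sec_desc honest  = { 16, 32 };
    struct sec_desc crafted = { 16, 0xFFFFFFF0u }; /* ~4 GiB claimed by 64 bytes */
    unsigned char *p;

    printf("honest:  %d\n", load_section(file, sizeof file, &honest, &p));
    free(p);
    printf("crafted: %d\n", load_section(file, sizeof file, &crafted, &p));
    free(p);
    return 0;
}
```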
Recommendations
For GNU Binutils version 2.30, consider disabling the _bfd_elf_parse_attributes function as a temporary workaround until a patch is available. Restrict access to the elf-attrs.c component to minimize the risk of exploitation. Avoid using specially crafted ELF files that could trigger the excessive memory allocation issue.
Exploit
Fix
DoS
Allocation of Resources Without Limits
Weakness Enumeration
Related Identifiers
Affected Products
ALT Linux
CentOS
GNU Binutils
Red Hat
Ubuntu