PT-2018-3970 · Gnu+2 · Gnu Binutils+2

R4Xis

Publicado

2018-01-25

Atualizado

2024-06-15

CVE-2018-6323

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions GNU Binutils version 2.29.1

Description The issue is related to an unsigned integer overflow in the elf object p function within the elfcode.h component of the GNU Binutils library. This overflow can be triggered by a crafted ELF file, allowing remote attackers to cause a denial of service, such as an application crash, or potentially have other unspecified impacts. The vulnerability may also allow attackers to access or modify confidential data.

Recommendations For GNU Binutils version 2.29.1, consider updating to a newer version that addresses the unsigned integer overflow issue in the elf object p function. As a temporary workaround, restrict the use of specially crafted ELF files to minimize the risk of exploitation.

Exploit

Correção

DoS

Integer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-190

Identificadores relacionados

BDU:2023-07800

CVE-2018-6323

MGASA-2019-0169

OPENSUSE-SU-2018_3223-1

OPENSUSE-SU-2018_3323-1

OPENSUSE-SU-2019:2415-1

OPENSUSE-SU-2019:2432-1

OPENSUSE-SU-2019_2415-1

OPENSUSE-SU-2019_2432-1

OPENSUSE-SU-2024:10651-1

SUSE-SU-2018:3170-1

SUSE-SU-2018:3207-1

SUSE-SU-2018:3207-2

SUSE-SU-2019:2779-1

SUSE-SU-2019:2780-1

USN-4336-2

USN-4336-3

Produtos afetados

Gnu Binutils

Suse

Ubuntu

PT-2018-3970 · Gnu+2 · Gnu Binutils+2

CVE-2018-6323

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 775