PT-2018-2386 · Gnu+2 · Gnu Binutils+2

Jayzhang

·

Published

2018-02-09

·

Updated

2024-06-15

·

CVE-2018-6872

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions GNU Binutils version 2.30
Description The issue is related to the elf parse notes function in the elf.c file of GNU Binutils, which is associated with out-of-bounds data access errors. This can be exploited by a remote attacker using an ELF file with a NOTES segment that has a large alignment value, potentially causing a denial of service due to out-of-bounds read and segmentation violation.
Recommendations For GNU Binutils version 2.30, consider disabling the elf parse notes function as a temporary workaround until a patch is available. Restrict access to ELF files with potentially malicious NOTES segments to minimize the risk of exploitation.

Exploit

Fix

DoS

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALT-PU-2019-1204
ALT-PU-2019-1367
BDU:2019-00575
CVE-2018-6872
MGASA-2019-0169
OPENSUSE-SU-2018_3223-1
OPENSUSE-SU-2018_3323-1
OPENSUSE-SU-2019:2415-1
OPENSUSE-SU-2019:2432-1
OPENSUSE-SU-2019_2415-1
OPENSUSE-SU-2019_2432-1
OPENSUSE-SU-2024:10651-1
SUSE-SU-2018:3170-1
SUSE-SU-2018:3207-1
SUSE-SU-2018:3207-2
SUSE-SU-2019:2779-1
SUSE-SU-2019:2780-1

Affected Products

Alt Linux
Gnu Binutils
Suse