CVE-2018-20002

Name of the Vulnerable Software and Affected Versions GNU Binutils version 2.31

Description The issue is related to a memory leak in the bfd generic read minisymbols function, located in the syms.c file of the Binary File Descriptor (BFD) library, which is part of the GNU Binutils package. This memory leak can be triggered by a crafted ELF file, leading to a denial of service due to memory consumption. The nm utility is an example of a tool that can be used to demonstrate this issue.

Recommendations For GNU Binutils version 2.31, consider applying a patch to fix the memory leak in the bfd generic read minisymbols function as a permanent solution. As a temporary workaround, restrict the use of the nm utility with untrusted ELF files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.