PT-2018-3869 · Gnu+6 · Binutils+6

Tfx

Published

2018-12-16

Updated

2024-06-15

CVE-2018-1000876

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions binutils versions 2.32 and earlier

Description The issue is related to an integer overflow vulnerability in the objdump component of the GNU Binutils software development tool. This vulnerability can be exploited to gain access to confidential data, compromise data integrity, and cause a denial of service. The vulnerability is located in the bfd get dynamic reloc upper bound and bfd canonicalize dynamic reloc functions. Successful exploitation can lead to the execution of arbitrary code, and this attack appears to be exploitable locally.

Recommendations For binutils version 2.32 and earlier, update to a version that includes the fix after commit 3a551c7a1b80fca579461774860574eabfd7f18f to resolve the issue. As a temporary workaround, consider restricting access to the objdump component until a patch is available.

Exploit

Fix

Integer Overflow

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190CWE-787

Related Identifiers

ALT-PU-2019-1204

ALT-PU-2019-1367

ALT-PU-2019-3046

BDU:2023-01657

CESA-2019_2075

CVE-2018-1000876

OPENSUSE-SU-2019:2415-1

OPENSUSE-SU-2019:2432-1

OPENSUSE-SU-2019_2415-1

OPENSUSE-SU-2019_2432-1

OPENSUSE-SU-2024:10651-1

RHSA-2019:2075

RHSA-2019_2075

SUSE-SU-2019:2650-1

SUSE-SU-2019:2779-1

SUSE-SU-2019:2780-1

SUSE-SU-2019_2650-1

SUSE-SU-2019_2779-1

SUSE-SU-2019_2780-1

USN-4336-1

USN-4336-2

Affected Products

Alt Linux

Astra Linux

Centos

Red Hat

Suse

Ubuntu

Binutils

PT-2018-3869 · Gnu+6 · Binutils+6

CVE-2018-1000876

Weakness Enumeration

Related Identifiers

Affected Products

References · 685