PT-2018-3970 · Gnu+2 · Gnu Binutils+2

R4Xis

Published

2018-01-25

Updated

2024-06-15

CVE-2018-6323

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions GNU Binutils version 2.29.1

Description The issue is related to an unsigned integer overflow in the elf object p function within the elfcode.h component of the GNU Binutils library. This overflow can be triggered by a crafted ELF file, allowing remote attackers to cause a denial of service, such as an application crash, or potentially have other unspecified impacts. The vulnerability may also allow attackers to access or modify confidential data.

Recommendations For GNU Binutils version 2.29.1, consider updating to a newer version that addresses the unsigned integer overflow issue in the elf object p function. As a temporary workaround, restrict the use of specially crafted ELF files to minimize the risk of exploitation.

Exploit

Fix

DoS

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

BDU:2023-07800

CVE-2018-6323

MGASA-2019-0169

OPENSUSE-SU-2018_3223-1

OPENSUSE-SU-2018_3323-1

OPENSUSE-SU-2019:2415-1

OPENSUSE-SU-2019:2432-1

OPENSUSE-SU-2019_2415-1

OPENSUSE-SU-2019_2432-1

OPENSUSE-SU-2024:10651-1

SUSE-SU-2018:3170-1

SUSE-SU-2018:3207-1

SUSE-SU-2018:3207-2

SUSE-SU-2019:2779-1

SUSE-SU-2019:2780-1

USN-4336-2

USN-4336-3

Affected Products

Gnu Binutils

Suse

Ubuntu

PT-2018-3970 · Gnu+2 · Gnu Binutils+2

CVE-2018-6323

Weakness Enumeration

Related Identifiers

Affected Products

References · 775